CVE-2023-44154

Published: Sep 27, 2023Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.

Affected (7)

Products: Acronis: Cyber Protect

Acronis

1 product

Cyber Protect

Configuration A

7 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Acronis Cyber Protect	Before 15
Acronis Cyber Protect	Version 15
Acronis Cyber Protect	Version 15 update1
Acronis Cyber Protect	Version 15 update2
Acronis Cyber Protect	Version 15 update3
Acronis Cyber Protect	Version 15 update4
Acronis Cyber Protect	Version 15 update5

Running on/with	Platform Versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://security-advisory.acronis.com/advisories/SEC-2436

Source: security@acronis.com

Vendor Advisory

https://security-advisory.acronis.com/advisories/SEC-2436

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.