CVE-2024-49388

Published: Oct 15, 2024Modified: Feb 4, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

Affected (3)

Products: Acronis: Cyber Protect

Acronis

1 product

Cyber Protect

Configuration A

3 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Acronis Cyber Protect	Up to 15
Acronis Cyber Protect	Version 16
Acronis Cyber Protect	Version 16 update1

Running on/with	Platform Versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (1)

https://security-advisory.acronis.com/advisories/SEC-5984

Source: security@acronis.com

Vendor Advisory

Timeline

No history available yet.