Vulnerabilities > Acronis > Cyber Protect > 16

DATE CVE VULNERABILITY TITLE RISK
2025-01-02 CVE-2024-55540 Uncontrolled Search Path Element vulnerability in Acronis Cyber Protect 15/16
Local privilege escalation due to DLL hijacking vulnerability.
local
low complexity
acronis CWE-427
7.8
7.8
2025-01-02 CVE-2024-55541 Cross-site Scripting vulnerability in Acronis Cyber Protect 15/16
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage.
network
low complexity
acronis CWE-79
6.1
6.1
2025-01-02 CVE-2024-55543 Uncontrolled Search Path Element vulnerability in Acronis Cyber Protect 15/16
Local privilege escalation due to DLL hijacking vulnerability.
local
low complexity
acronis CWE-427
7.8
7.8
2024-10-15 CVE-2024-49382 Unspecified vulnerability in Acronis Cyber Protect 16
Excessive attack surface in archive-server service due to binding to an unrestricted IP address.
low complexity
acronis
4.3
4.3
2024-10-15 CVE-2024-49383 Unspecified vulnerability in Acronis Cyber Protect 16
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address.
low complexity
acronis
4.3
4.3
2024-10-15 CVE-2024-49384 Unspecified vulnerability in Acronis Cyber Protect 16
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address.
low complexity
acronis
4.3
4.3
2024-10-15 CVE-2024-49387 Cleartext Transmission of Sensitive Information vulnerability in Acronis Cyber Protect 16
Cleartext transmission of sensitive information in acep-collector service.
network
low complexity
acronis CWE-319
7.5
7.5
2024-10-15 CVE-2024-49388 Authorization Bypass Through User-Controlled Key vulnerability in Acronis Cyber Protect 16
Sensitive information manipulation due to improper authorization.
network
low complexity
acronis CWE-639
critical
 9.1
9.1