Vulnerabilities > Acronis > Cyber Protect

DATE CVE VULNERABILITY TITLE RISK
2022-02-04 CVE-2022-24113 Incorrect Default Permissions vulnerability in Acronis products
Local privilege escalation due to excessive permissions assigned to child processes.
local
low complexity
acronis CWE-276
7.8
7.8
2021-11-29 CVE-2021-44198 Uncontrolled Search Path Element vulnerability in Acronis Cyber Protect 15
DLL hijacking could lead to local privilege escalation.
local
low complexity
acronis CWE-427
7.8
7.8
2021-11-29 CVE-2021-44199 Uncontrolled Search Path Element vulnerability in Acronis Agent, Cyber Protect and Cyber Protect Home Office
DLL hijacking could lead to denial of service.
local
low complexity
acronis CWE-427
5.5
5.5
2021-11-29 CVE-2021-44200 Cross-site Scripting vulnerability in Acronis Cyber Protect 15
Self cross-site scripting (XSS) was possible on devices page.
network
low complexity
acronis CWE-79
5.4
5.4
2021-11-29 CVE-2021-44201 Cross-site Scripting vulnerability in Acronis Cyber Protect 15
Cross-site scripting (XSS) was possible in notification pop-ups.
network
low complexity
acronis CWE-79
6.1
6.1
2021-11-29 CVE-2021-44202 Cross-site Scripting vulnerability in Acronis Cyber Protect 15
Stored cross-site scripting (XSS) was possible in activity details.
network
low complexity
acronis CWE-79
5.4
5.4
2021-11-29 CVE-2021-44203 Cross-site Scripting vulnerability in Acronis Cyber Protect 15
Stored cross-site scripting (XSS) was possible in protection plan details.
network
low complexity
acronis CWE-79
5.4
5.4
2021-08-12 CVE-2021-38086 Uncontrolled Search Path Element vulnerability in Acronis Cyber Protect 15
Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking.
local
low complexity
acronis CWE-427
7.8
7.8
2021-08-12 CVE-2021-38087 Cross-site Scripting vulnerability in Acronis Cyber Protect 15
Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009.
network
low complexity
acronis CWE-79
6.1
6.1
2021-08-12 CVE-2021-38088 Unspecified vulnerability in Acronis Cyber Protect 15
Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.
local
low complexity
acronis
7.8
7.8