Vulnerabilities > Acronis
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-12 | CVE-2021-38087 | Cross-site Scripting vulnerability in Acronis Cyber Protect 15 Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009. | 6.1 |
| 2021-08-12 | CVE-2021-38088 | Unspecified vulnerability in Acronis Cyber Protect 15 Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. | 7.8 |
| 2021-08-05 | CVE-2021-32576 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Acronis True Image 2021 Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2). | 7.8 |
| 2021-08-05 | CVE-2021-32577 | Incorrect Permission Assignment for Critical Resource vulnerability in Acronis True Image 2021 Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions. | 7.8 |
| 2021-08-05 | CVE-2021-32578 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Acronis True Image 2021 Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2). | 7.8 |
| 2021-08-05 | CVE-2021-32579 | Improper Authentication vulnerability in Acronis True Image 2021 Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper with the micro-service API. | 7.8 |
| 2021-08-05 | CVE-2021-32580 | Uncontrolled Search Path Element vulnerability in Acronis True Image 2021 Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking. | 7.8 |
| 2021-08-05 | CVE-2021-32581 | Improper Certificate Validation vulnerability in Acronis products Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation. | 8.1 |
| 2021-07-30 | CVE-2020-14999 | Unspecified vulnerability in Acronis Agent A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows memory protection and access sensitive data. | 7.5 |
| 2021-07-15 | CVE-2020-15495 | Unspecified vulnerability in Acronis True Image 2019/2020 Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration. | 7.8 |