Vulnerabilities > Acronis > True Image > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-05 | CVE-2021-32580 | Uncontrolled Search Path Element vulnerability in Acronis True Image 2021 Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking. | 7.8 |
| 2021-08-05 | CVE-2021-32581 | Improper Certificate Validation vulnerability in Acronis products Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation. | 8.1 |
| 2021-07-15 | CVE-2020-15495 | Unspecified vulnerability in Acronis True Image 2019/2020 Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration. | 7.8 |
| 2021-07-15 | CVE-2020-25736 | Unspecified vulnerability in Acronis True Image 2019/2020/2021 Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration. | 7.8 |
| 2021-07-15 | CVE-2020-15496 | Improper Preservation of Permissions vulnerability in Acronis True Image Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions. | 7.8 |
| 2021-01-29 | CVE-2020-35145 | Uncontrolled Search Path Element vulnerability in Acronis True Image Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue. | 7.8 |
| 2020-10-21 | CVE-2020-10140 | Incorrect Permission Assignment for Critical Resource vulnerability in Acronis True Image 2021 Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. | 7.3 |
| 2020-10-21 | CVE-2020-10139 | Improper Initialization vulnerability in Acronis True Image 2021 Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. | 7.8 |
| 2017-06-21 | CVE-2017-3219 | Insufficient Verification of Data Authenticity vulnerability in Acronis True Image 2016/2017 Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. | 8.8 |