Vulnerabilities in Acronis
192 results

CVE-2022-30994 | — | Cleartext transmission of sensitive information | EPSS 0.5%
CVE-2023-44207 | MEDIUM | Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linu | EPSS 0.5%
CVE-2022-30992 | — | Open redirect via user-controlled query parameter | EPSS 0.5%
CVE-2022-30991 | — | HTML injection via report name | EPSS 0.5%
CVE-2020-10138 | HIGH | Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C | EPSS 0.5%
CVE-2024-8767 | CRITICAL | Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plu | EPSS 0.5%
CVE-2017-3219 | — | Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified us | EPSS 0.5%
CVE-2022-45451 | HIGH | Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect | EPSS 0.5%
CVE-2021-44203 | — | Stored cross-site scripting (XSS) was possible in protection plan details | EPSS 0.5%
CVE-2021-44202 | — | Stored cross-site scripting (XSS) was possible in activity details | EPSS 0.5%
CVE-2021-44200 | — | Self cross-site scripting (XSS) was possible on devices page | EPSS 0.5%
CVE-2025-30416 | CRITICAL | Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linu | EPSS 0.4%
CVE-2023-44159 | MEDIUM | Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Prote | EPSS 0.4%
CVE-2023-41742 | MEDIUM | Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Win | EPSS 0.4%
CVE-2020-10139 | HIGH | Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acro | EPSS 0.4%
CVE-2026-28710 | HIGH | Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect | EPSS 0.4%
CVE-2022-45450 | MEDIUM | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, | EPSS 0.4%
CVE-2023-2360 | LOW | Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) befor | EPSS 0.4%
CVE-2022-45449 | HIGH | Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber P | EPSS 0.4%
CVE-2023-41749 | MEDIUM | Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Wind | EPSS 0.4%