7.5
CVE-2023-44156
- EPSS 0.24%
- Published 27.09.2023 15:19:37
- Last modified 21.11.2024 08:25:20
- Source security@acronis.com
- Teams watchlist Login
- Open Login
Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
Data is provided by the National Vulnerability Database (NVD)
Acronis ≫ Cyber Protect Version < 15
Acronis ≫ Cyber Protect Version15 Update-
Acronis ≫ Cyber Protect Version15 Updateupdate1
Acronis ≫ Cyber Protect Version15 Updateupdate2
Acronis ≫ Cyber Protect Version15 Updateupdate3
Acronis ≫ Cyber Protect Version15 Updateupdate4
Acronis ≫ Cyber Protect Version15 Updateupdate5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.465 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@acronis.com | 5.7 | 2.1 | 3.6 |
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.