Lucene search

AcronisCVELIST:CVE-2023-48676

HistoryDec 14, 2023 - 1:32 p.m.

CVE-2023-48676

2023-12-1413:32:28

CWE-862

Acronis

www.cve.org

sensitive information

missing authorization

acronis cyber protect cloud agent

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.

CNA Affected

[
  {
    "vendor": "Acronis",
    "product": "Acronis Cyber Protect Cloud Agent",
    "platforms": [
      "Windows"
    ],
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "lessThan": "36943",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

security-advisory.acronis.com/advisories/SEC-5905

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score

6.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-48676