Cyber protect

This hub aggregates every CVE we track for Cyber protect, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Cyber protect.

• CVE-2024-55541Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169.6.1Jan 2, 2025
• CVE-2024-55540Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.7.8Jan 2, 2025
• CVE-2024-55543Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.7.8Jan 2, 2025
• CVE-2024-49388Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.9.1Oct 15, 2024
• CVE-2024-49387Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.7.5Oct 15, 2024
• CVE-2024-49384Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.4.3Oct 15, 2024
• CVE-2024-49383Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.4.3Oct 15, 2024
• CVE-2024-49382Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.4.3Oct 15, 2024
• CVE-2022-45449Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.6.5Jul 16, 2024
• CVE-2023-48682Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.5.4Feb 27, 2024
• CVE-2023-48681Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.6.1Feb 27, 2024
• CVE-2023-48680Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391.5.5Feb 27, 2024
• CVE-2023-48679Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.5.4Feb 27, 2024
• CVE-2023-48678Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.5.5Feb 27, 2024
• CVE-2023-44207Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.5.4Sep 27, 2023