Produkt Cyber protect (...) - CVEMAP.ORG

Podatności dla 'Cyber protect'

2021-08-12

CVE-2021-38086

CWE-427

Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking.

CVE-2021-38087

CWE-79

Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009.

CVE-2021-38088

CWE-269

Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.

2021-02-22

CVE-2020-35664

CWE-79

An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. There is cross-site scripting (XSS) in the console.

CVE-2020-35556

CWE-346

An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur.

2020-10-21

CVE-2020-10138

CWE-269

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.

>>> Vendor: Acronis 10 Produkty

True image windows agent

True image echo server

Cyber protect

True image 2020

Cyber protect cloud

Cyber protection agent

Copyright 2024, cxsecurity.com