CVE-2022-45450
18.05.2023, 10:15
Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| acronis | cyber_protect | 𝑥 < 15 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| acronis | agent | 𝑥 < 28610 | CNA |
| acronis | agent | 𝑥 < 30984 | CNA |
Common Weakness Enumeration
- CWE-285 - Improper AuthorizationThe software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
- CWE-552 - Files or Directories Accessible to External PartiesThe product makes files or directories accessible to unauthorized actors, even though they should not be.