CVE-2024-8767

EUVD-2024-49405
Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
acronisbackup_plugin_for_cpanel_\&_whm
𝑥
< 619
ADP
acronisbackup_extension_for_plesk
𝑥
< 555
ADP
acronisbackup_plugin_for_directadmin
𝑥
< 147
ADP
Common Weakness Enumeration
References
https://security-advisory.acronis.com/advisories/SEC-4976