CVE-2024-8767

Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AcronisCNA
9.9 CRITICAL
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
acronisbackup_plugin_for_cpanel_\&_whm
𝑥
< 619
acronisbackup_extension_for_plesk
𝑥
< 555
acronisbackup_plugin_for_directadmin
𝑥
< 147
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security-advisory.acronis.com/advisories/SEC-4976