PT-2021-21946 · Acronis · Acronis Cyber Protect 15+1

Published

2021-08-10

Updated

2021-08-20

CVE-2021-38087

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 15 versions prior to build 27009

Description: A reflected cross-site scripting (XSS) issue was possible on the login page. This allowed for the execution of malicious scripts, potentially leading to unauthorized access or data theft. The issue was identified in the login page of the affected software.

Recommendations: For Acronis Cyber Protect 15 versions prior to build 27009, update to build 27009 or later to resolve the issue. As a temporary workaround, consider restricting access to the login page until the update is applied.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-38087

Affected Products

Acronis

Acronis Cyber Protect 15

PT-2021-21946 · Acronis · Acronis Cyber Protect 15+1

CVE-2021-38087

Weakness Enumeration

Related Identifiers

Affected Products

References · 6