PT-2024-13625 · Acronis · Acronis Cyber Protect Cloud Agent

Published

2024-04-29

Updated

2026-03-06

CVE-2023-48684

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Acronis Cyber Protect Cloud Agent versions before build 37758

Description The issue is related to sensitive information disclosure and manipulation due to missing authorization. This affects Acronis Cyber Protect Cloud Agent on Linux, macOS, and Windows platforms.

Recommendations For Acronis Cyber Protect Cloud Agent versions before build 37758, update to build 37758 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and implementing additional authorization mechanisms until the update is applied.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2023-48684

Affected Products

Acronis Cyber Protect Cloud Agent

PT-2024-13625 · Acronis · Acronis Cyber Protect Cloud Agent

CVE-2023-48684

Weakness Enumeration

Related Identifiers

Affected Products

References · 7