CVE-2024-49387

Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 16 versions prior to build 38690

Description: The issue is related to the cleartext transmission of sensitive information in the acep-collector service, which may allow a remote attacker to gain unauthorized access to confidential information.

Recommendations: For Acronis Cyber Protect 16 versions prior to build 38690, update to a version that includes the fix for this issue, specifically build 38690 or later. As a temporary workaround, consider restricting access to the acep-collector service to minimize the risk of exploitation.