Note:
This project will be discontinued after December 13, 2021. [more]
Product:
True_image
(Acronis)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 22 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-08-05 | CVE-2021-32576 | Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2). | True_image | 7.8 | ||
| 2021-08-05 | CVE-2021-32578 | Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2). | True_image | 7.8 | ||
| 2021-08-05 | CVE-2021-32579 | Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper with the micro-service API. | True_image | 7.8 | ||
| 2021-08-05 | CVE-2021-32580 | Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking. | True_image | 7.8 | ||
| 2021-08-05 | CVE-2021-32581 | Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation. | Cyber_protect_cloud, Cyber_protection_agent, True_image | 8.1 | ||
| 2021-07-15 | CVE-2020-25593 | Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions. | True_image | 6.7 | ||
| 2021-07-15 | CVE-2020-15496 | Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions. | True_image | 7.8 | ||
| 2021-01-29 | CVE-2020-35145 | Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue. | True_image | 7.8 | ||
| 2020-10-21 | CVE-2020-10140 | Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis. | True_image | 7.3 | ||
| 2017-06-21 | CVE-2017-3219 | Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash. | True_image | 8.8 |