Products
Acronis Backup plugin for cPanel & WHM
- before build 619
Acronis Backup extension for Plesk
- before build 555
Acronis Backup plugin for DirectAdmin
- before build 147
Source
security@acronis.com
Tags
CVE-2024-8767 details
Last Modified : Sept. 17, 2024, 9:15 a.m.
Description
Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9.9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-250 | Execution with Unnecessary Privileges | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.9
Exploitability Score
3.1
Impact Score
6.0
Base Severity
CRITICAL
Vector String : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
References
URL | Source |
---|---|
https://security-advisory.acronis.com/advisories/SEC-4976 | security@acronis.com |