Summaryinfo

A vulnerability was found in Acronis Cyber Protect 15. It has been declared as problematic. This affects an unknown function. The manipulation results in cross-site request forgery. This vulnerability is identified as CVE-2023-44160. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Detailsinfo

A vulnerability was found in Acronis Cyber Protect 15. It has been classified as problematic. Affected is some unknown processing. The manipulation with an unknown input leads to a cross-site request forgery vulnerability. CWE is classifying the issue as CWE-352. The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This is going to have an impact on integrity. CVE summarizes:

Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.

The weakness was released 09/27/2023. The advisory is available at security-advisory.acronis.com. This vulnerability is traded as CVE-2023-44160 since 09/26/2023. Successful exploitation requires user interaction by the victim. The technical details are unknown and an exploit is not available.

Upgrading eliminates this vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Vendor

• Acronis

Name

• Cyber Protect

Version

• 15

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion