{ "id": "CVE-2022-30995", "sourceIdentifier": "security@acronis.com", "published": "2023-05-03T11:15:11.193", "lastModified": "2023-05-09T17:03:06.093", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV30": [ { "source": "security@acronis.com", "type": "Secondary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 2.8, "impactScore": 5.8 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-287" } ] }, { "source": "security@acronis.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-287" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:-:*:*:*:*:*:*", "matchCriteriaId": "3117B8C4-C8E6-4F50-923D-5BF50222337D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:10130:*:*:*:*:*:*", "matchCriteriaId": "C2ECE37D-291E-4D07-9D8B-79D09D78FA35" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:10330:*:*:*:*:*:*", "matchCriteriaId": "9826E331-15CB-454D-80E6-B39B380894F7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:11010:*:*:*:*:*:*", "matchCriteriaId": "89A4839A-EF22-4E28-82ED-5828207D7ADE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:13160:*:*:*:*:*:*", "matchCriteriaId": "A847D357-EB6F-4CBF-AEB7-20ABF6B6A0E3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:13400:*:*:*:*:*:*", "matchCriteriaId": "6677430F-19A5-4D7A-91F5-9D906DC48174" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:14280:*:*:*:*:*:*", "matchCriteriaId": "C38873F8-EB4E-4B20-B4BB-A8E9CC2E4FC2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:14330:*:*:*:*:*:*", "matchCriteriaId": "00644AD1-6114-4470-8AD6-C2D975329A71" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16180:*:*:*:*:*:*", "matchCriteriaId": "49694CEB-C054-4D02-A7BA-D57E7A1538C3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16318:*:*:*:*:*:*", "matchCriteriaId": "3FE3F243-202A-4EF5-B4B8-F912B6763F22" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:16327:*:*:*:*:*:*", "matchCriteriaId": "D5831900-150B-4DAD-A17D-C974F8F91C8D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:7641:*:*:*:*:*:*", "matchCriteriaId": "3F540D84-5562-41AE-9294-64F19596149E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:7970:*:*:*:*:*:*", "matchCriteriaId": "122DEB91-6506-4F94-9C79-887EECE68A7A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:8850:*:*:*:*:*:*", "matchCriteriaId": "0B6EA731-C344-424E-B5FB-291CD59DDAB5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_backup:12.5:9010:*:*:*:*:*:*", "matchCriteriaId": "EF144B8E-E42F-41E3-8E23-88B1F862D14A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_protect:15:-:*:*:*:*:*:*", "matchCriteriaId": "89899D10-1343-4276-919A-9C1DF2DB8B55" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update1:*:*:*:*:*:*", "matchCriteriaId": "A77B2499-B3A4-4278-BA0D-59AB59C60352" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update2:*:*:*:*:*:*", "matchCriteriaId": "BAF6A576-C320-4550-B7F8-4FCAE82FB06A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:acronis:cyber_protect:15:update3:*:*:*:*:*:*", "matchCriteriaId": "9740A956-D589-4846-8717-B6182EB65F8B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" }, { "vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" } ] } ] } ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-3855", "source": "security@acronis.com", "tags": [ "Vendor Advisory" ] } ] }