Description
Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Acronis / Acronis Backup extension for Pleskunspecified – 555
- Acronis / Acronis Backup plugin for cPanel & WHMunspecified – 619
- Acronis / Acronis Backup plugin for DirectAdminunspecified – 147
References
- VENDOR_ADVISORYhttps://security-advisory.acronis.com/advisories/SEC-4976