We work closely with the security community and embrace researchers who contribute towards the optimization of our products. If you believe you have found a security issue, please report it to us as soon as possible via hackerone.com/acronis.

We see no signs of active exploitation of the vulnerabilities listed on this page.

Windows

SEC-2807

Severity: CVSS:3.0 7.9 High

Summary: Local privilege escalation was possible due to insecure folder permissions

Credits: We would like to thank HackerOne researchers @twvyy3vyaw8k and @z3ron3 for reporting this to us

CVE-2021-32577

macOS

SEC-2207

Severity: CVSS:3.0 7.1 High

Summary: An unauthenticated attacker with local code execution was able to tamper with the micro-service API

CVE-2021-32579

SEC-2728

Severity: CVSS:3.0 7.3 High

Summary: SSL certificate validation was not implemented

Credits: We would like to thank HackerOne researcher @aapo for reporting this to us

CVE-2021-32581