CVE-2022-30995 CRITICAL

CVE-2022-30995

Vendor Acronis
Product Acronis Cyber Protect 15
Weakness CWE-287 · Improper authentication
Published May 3, 2023
Last update January 30, 2025

CVSS base score

9.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.

Key dates

02Disclosure timeline

May 3, 2023 CVE published
January 30, 2025 Record updated