CVE-2023-45240 MEDIUM

CVE-2023-45240

Vendor Acronis

Product Acronis Agent

Weakness CWE-862 · Missing authorization

Published October 5, 2023

Last update September 20, 2024

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739.

Key dates

02Disclosure timeline

October 5, 2023 CVE published

September 20, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-45240 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2025-43009 Missing Authorization check in SAP Service Parts Management (SPM) CVE-2023-22737 wire-server vulnerable to unauthorized removal of Bots from Conversations CVE-2025-24591 WordPress GDPR CCPA Compliance & Cookie Consent Banner plugin <= 2.7.1 - Broken Access Control vulnerability CVE-2025-10184 OnePlus OxygenOS Telephony provider permission bypass CVE-2023-49757 WordPress Awesome Support plugin <= 6.1.10 - Broken Access Control + CSRF vulnerability