CVE-2023-48676 LOW

CVE-2023-48676

Vendor Acronis

Product Acronis Cyber Protect Cloud Agent

Weakness CWE-862 · Missing authorization

Published December 14, 2023

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

3.3/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.

Key dates

02Disclosure timeline

December 14, 2023 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-48676 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2026-22348 WordPress Civic Cookie Control plugin <= 1.53 - Broken Access Control vulnerability CVE-2024-8552 Download Monitor <= 5.0.9 - Missing Authorization to Authenticated (Subscriber+) Shop Enable CVE-2025-69352 WordPress The Events Calendar plugin <= 6.15.12.2 - Broken Access Control vulnerability CVE-2022-41695 WordPress Traffic Manager Plugin <= 1.4.5 is vulnerable to Broken Access Control CVE-2025-48326 WordPress Acclectic Media Organizer Plugin <= 1.4 - Broken Access Control Vulnerability

Identifiers

CVE CVE-2023-48676

CWE CWE-862

CVSS 3.3 / LOW

Affected versions

Vendor Acronis

Product Acronis Cyber Protect Cloud Agent

Affected ≥ unspecified and < 36943