CVE-2024-8767 CRITICAL

CVE-2024-8767

Vendor Acronis
Product Acronis Backup plugin for cPanel & WHM
Weakness CWE-250
Published September 17, 2024
Last update September 17, 2024

CVSS base score

9.9/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.

Key dates

02Disclosure timeline

September 17, 2024 CVE published
September 17, 2024 Record updated