We work closely with the security community and embrace researchers who contribute towards the optimization of our products. If you believe you have found a security issue, please report it to us as soon as possible via hackerone.com/acronis.
We see no signs of active exploitation of the vulnerabilities listed on this page.
Windows
SEC-2196
Severity: CVSS:3.0 8.7 High
Summary: Local privilege escalation was possible due to insecure folder permissions
Credits: We would like to thank HackerOne researchers @adr, @mmg, @vanitas for reporting this to us
CVE-2020-10140
SEC-2181
Severity: CVSS:3.0 8.1 High
Summary: Local privilege escalation was possible due to a DLL injection vulnerability
Credits: We would like to thank HackerOne researchers @adr, @mmg, @vanitas, @xnand for reporting this to us
CVE-2020-10139
SEC-2721
Severity: CVSS:3.0 6.9 Medium
Summary: Local privilege escalation was possible due to a DLL hijacking vulnerability in multiple components
Credits: We would like to thank HackerOne researchers @vanitas, @z3ron3, @binary_01 for reporting this to us
CVE-2020-35145
SEC-1766
Severity: CVSS:3.0 6.9 Medium
Summary: Local privilege escalation was possible due to improper soft link handling
Credits: We would like to thank HackerOne researcher @mjoensen for reporting this to us
CVE-2020-9451
SEC-1768
Severity: CVSS:3.0 5.4 Medium
Summary: Antiransomware microservice did not authenticate inter-service communication
Credits: We would like to thank HackerOne researcher @mjoensen for reporting this to us
CVE-2020-9450
SEC-1767
Severity: CVSS:3.0 4.7 Medium
Summary: Possible denial of service due to insecure folder permissions
Credits: We would like to thank HackerOne researcher @mjoensen for reporting this to us
CVE-2020-9452
Mac
SEC-2071
Severity: CVSS:3.0 6.7 Medium
Summary: Local privilege escalation was possible due to insecure folder permissions
Credits: We would like to thank HackerOne researcher @theevilbit for reporting this to us
CVE-2020-25593
SEC-2309
Severity: CVSS:3.0 6.4 Medium
Summary: Local privilege escalation was possible due to insecure service configuration
Credits: We would like to thank HackerOne researcher @theevilbit for reporting this to us
CVE-2020-25736