GCVE - cpe:2.3:a:acronis:cyber_backup:12.5:10130:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:acronis:cyber_backup:12.5:10130:*:*:*:*:*:*

part: a version: 12.5 update: 10130

Vendor	Acronis (`d64000ef-8c61-5ba5-86d7-61c680cdcd75`)
Product	Cyber Backup (`3c3ade17-d4e3-515a-b0ad-6b7cfa54d071`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-3405`	vulnerable	2026-06-03 14:47:58.273981	Details available CRITICAL (9.3) Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. Published: 2023-05-03T10:49:47.642Z Updated: 2025-02-03T18:23:43.444Z Open on db.gcve.eu Reference links https://security-advisory.acronis.com/advisories/SEC-4092 https://herolab.usd.de/security-advisories/usd-2022-0008/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-30995`	vulnerable	2026-06-03 14:47:10.385385	Details available CRITICAL (9.3) Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. Published: 2023-05-03T10:50:45.883Z Updated: 2025-01-30T15:19:32.564Z Open on db.gcve.eu Reference links https://security-advisory.acronis.com/advisories/SEC-3855	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-16171`	vulnerable	2026-06-03 14:41:47.267216	Details available An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572. Published: 2020-09-21T13:07:07.000Z Updated: 2024-08-04T13:37:54.193Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2020/Sep/33 https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.