| Acronis True Image 2021 Update 3 (Build 35860) | December 22, 2020 | - [SEC-2721] Local privilege escalation was possible due to a DLL hijacking vulnerability in multiple components. The issue was assigned CVE-2020-35145, CVSS score 6.9 (medium severity). We would like to thank HackerOne researchers @vanitas, @z3ron3, @binary_01 for reporting this to us.
|
| Acronis True Image 2021 Update 2 (Build 34340) | November 24, 2020 | - [SEC-1768] Antiransomware microservice did not authenticate inter-service communication. The issue was assigned CVE-2020-9450, CVSS score 4.9 (medium severity). We would like to thank HackerOne researcher @mjoensen for reporting this to us.
|
| Acronis True Image 2021 Update 1 (Build 32010) | October 7, 2020 | - [SEC-2181] Local privilege escalation was possible due to a DLL injection vulnerability. The issue was assigned CVE-2020-10139, CVSS score 8.1 (high). We want to thank HackerOne researchers @adr, @mmg, @vanitas, @xnand for reporting this to us.
- [SEC-2196] Local privilege escalation was possible due to insecure folder permissions. The issue was assigned CVE-2020-10140, CVSS score 8.7 (high). We want to thank HackerOne researchers @adr, @mmg, @vanitas for reporting this to us.
|
| Acronis True Image 2021 (Build 30290) | August 20, 2020 | - [SEC-1766] Local privilege escalation was possible due to improper soft link handling. The issue was assigned CVE-2020-9451, CVSS score 5.9 (medium). We want to thank HackerOne researcher @mjoensen for reporting this to us.
- [SEC-1767] Possible denial of service due to insecure folder permissions. The issue was assigned CVE-2020-9452, CVSS score 4.2 (medium). We want to thank HackerOne researcher @mjoensen for reporting this to us.
- [SEC-2071] Local privilege escalation was possible due to insecure folder permissions. The issue was assigned CVE-2020-15496, CVSS score 6.4 (medium). We want to thank HackerOne researcher @theevilbit for reporting this to us.
- [SEC-2072] Local privilege escalation was possible due to an insecure service configuration. The issue was assigned CVE-2020-15495, CVSS score 6.0 (medium).
|
| Acronis True Image 2020 Update 4 (Build 38530) | February 16, 2021 | - SEC-2196 Local privilege escalation was possible due to insecure folder permissions. The issue was assigned CVE-2020-10140, CVSS score 8.7 (high). We want to thank HackerOne researchers @adr, @mmg, @vanitas for reporting this to us.
- SEC-2181 Local privilege escalation was possible due to a DLL injection vulnerability. The issue was assigned CVE-2020-10139, CVSS score 8.1 (high). We want to thank HackerOne researchers @adr, @mmg, @vanitas, @xnand for reporting this to us.
- SEC-2721 Local privilege escalation was possible due to DLL hijacking vulnerability in multiple components. The issue was assigned CVE-2020-35145, CVSS score 6.9 (medium severity). We would like to thank HackerOne researchers @vanitas, @z3ron3, @binary_01 for reporting this to us.
- SEC-1766 - Local privilege escalation was possible due to improper soft link handling. The issue was assigned CVE-2020-9451, CVSS score 5.9 (medium). We want to thank HackerOne researcher @mjoensen for reporting this to us.
- SEC-1768 Antiransomware microservice did not authenticate inter-service communication. The issue was assigned CVE-2020-9450, CVSS score 4.9 (medium severity). We would like to thank HackerOne researcher @mjoensen for reporting this to us.
- SEC-1767 - Possible denial of service due to insecure folder permissions. The issue was assigned CVE-2020-9452, CVSS score 4.2 (medium). We want to thank HackerOne researcher @mjoensen for reporting this to us.
|