CVE-2024-49388: 
Acronis Cyber Protect vulnerability analysis and mitigation

Sensitive information manipulation vulnerability (CVE-2024-49388) affects Acronis Cyber Protect 16 for Linux and Windows platforms before build 38690. The vulnerability was disclosed on October 15, 2024, and is related to improper authorization mechanisms (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 9.1 CRITICAL by NIST, with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. However, Acronis International GmbH assessed it with a lower CVSS v3.0 score of 3.1 LOW (Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). The vulnerability is classified under CWE-639 (Authorization Bypass Through User-Controlled Key) (NVD).

The vulnerability allows for sensitive information manipulation due to improper authorization, potentially leading to unauthorized access to sensitive data and system modifications. The CVSS scores indicate high impacts on confidentiality and integrity, though availability is not affected (NVD).

Users should upgrade Acronis Cyber Protect 16 to build 38690 or later to address this vulnerability. The fix has been implemented in newer builds of the software (NVD).