CVE-2021-32579

HIGH

Acronis True Image - Unauthenticated API Tampering via Micro-Service

Title source: llm
STIX 2.1

Description

Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper with the micro-service API.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://kb.acronis.com/content/68419
Vendor Advisory x_refsource_misc
https://kb.acronis.com/content/68413

Scores

CVSS v3 7.8
EPSS 0.0004
EPSS Percentile 12.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (1)
acronis/true_image 2021 (9 CPE variants)
Published Aug 05, 2021
Tracked Since Feb 18, 2026