CVE-2024-8767
CRITICALAcronis Backup plugin for cPanel & WHM < 619 - Sensitive Data Disclosure and Manipulation via Unnecessary Privileges
Title source: llmDescription
Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://security-advisory.acronis.com/advisories/SEC-4976
Scores
CVSS v3
9.9
EPSS
0.0048
EPSS Percentile
37.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-250
Status
published
Products (3)
Acronis/Acronis Backup extension for Plesk
unspecified - 555
Acronis/Acronis Backup plugin for cPanel & WHM
unspecified - 619
Acronis/Acronis Backup plugin for DirectAdmin
unspecified - 147
Published
Sep 17, 2024
Tracked Since
Feb 18, 2026