Primary

Context

Acronis Cyber Protect 16 Session Invalidation Vulnerability on Windows

Vulnerability

Patched

A vulnerability exists in Acronis Cyber Protect 16 for Windows, prior to build 39169, due to missing session invalidation after user deletion. This flaw could potentially be exploited to access user sessions that should have been terminated.

Impact

Exploitation of this vulnerability could lead to unauthorized access to user sessions, allowing for actions to be performed on behalf of the deleted user.

Remediation

Users can update to Acronis Cyber Protect 16 Update 3 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.0

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.0

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Acronis Cyber Protect 16 Session Invalidation Vulnerability on Windows

Vulnerability

Impact

Remediation

Affected Products

Acronis Cyber Protect

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating