Acronis Product Security Update Advisory (CVE-2024-8767)

Overview

An update has been released to address vulnerabilities in Acronis products. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-8767

  • Acronis Backup plugin for cPanel & WHM (Linux) before build 619
  • Acronis Backup extension for Plesk (Linux) before build 555
  • Acronis Backup plugin for DirectAdmin (Linux) before build 147

Resolved Vulnerabilities

 

Vulnerability in the Next.js page router’s non-dynamic server-side render path via a crafted HTTP request that could result in malformed cache control headers being sent by polluting the cache in the Next.js page router (CVE-2024-46982)

 

Vulnerability Patches

 

The following product-specific vulnerability patches have been made available with the latest update. If you are using an affected version, follow the instructions on the referenced sites to update to the latest patched version.

CVE-2024-8767

  • Acronis Backup plugin for cPanel & WHM version 1.8.0
  • Acronis Backup extension for Plesk version 1.8.0
  • Acronis Backup plugin for DirectAdmin version 1.2.0

References

[1] CVE-2024-8767 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-8767

[2] Sensitive data disclosure and manipulation due to unnecessary privileges assignment

https://security-advisory.acronis.com/advisories/SEC-4976