CVE-2024-55538

Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736, Acronis True Image OEM (macOS) before build 42571, Acronis True Image OEM (Windows) before build 42575.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

Vector : AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://security-advisory.acronis.com/advisories/SEC-2209

Configurations

No configuration.

History

10 Apr 2026, 14:16

Type	Values Removed	Values Added
Summary		(es) Divulgación de información confidencial debido a la falta de autenticación. Los siguientes productos se ven afectados: Acronis True Image (macOS) antes de la compilación 41725, Acronis True Image (Windows) antes de la compilación 41736.
Summary	(en) Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736.	(en) Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736, Acronis True Image OEM (macOS) before build 42571, Acronis True Image OEM (Windows) before build 42575.

02 Jan 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-02 15:15

Updated : 2026-06-17 08:11

NVD link : CVE-2024-55538

Mitre link : CVE-2024-55538

CVE.ORG link : CVE-2024-55538

JSON object : View

Products Affected

No product.

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2024-55538", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-55538", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-02T14:49:50.590543Z"}}], "cvssMetricV30": [{"type": "Secondary", "source": "security@acronis.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.5}]}, "affected": [{"source": "security@acronis.com", "affectedData": [{"vendor": "Acronis", "product": "Acronis True Image", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "41725", "versionType": "semver"}], "platforms": ["macOS"], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis True Image", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "41736", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis True Image OEM", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "42571", "versionType": "semver"}], "platforms": ["macOS"], "defaultStatus": "unaffected"}, {"vendor": "Acronis", "product": "Acronis True Image OEM", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "42575", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}]}], "published": "2025-01-02T15:15:23.933", "references": [{"url": "https://security-advisory.acronis.com/advisories/SEC-2209", "source": "security@acronis.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@acronis.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736, Acronis True Image OEM (macOS) before build 42571, Acronis True Image OEM (Windows) before build 42575."}, {"lang": "es", "value": "Divulgaci\u00f3n de informaci\u00f3n confidencial debido a la falta de autenticaci\u00f3n. Los siguientes productos se ven afectados: Acronis True Image (macOS) antes de la compilaci\u00f3n 41725, Acronis True Image (Windows) antes de la compilaci\u00f3n 41736."}], "lastModified": "2026-06-17T08:11:12.120", "sourceIdentifier": "security@acronis.com"}