Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

cipplanner cipace vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2
CVE-2020-11586
An XXE issue exists in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data.
Cipplanner Cipace
5
CVSSv2
CVE-2020-11587
An issue exists in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server.
Cipplanner Cipace
5
CVSSv2
CVE-2020-11589
An Insecure Direct Object Reference issue exists in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only.
Cipplanner Cipace
5
CVSSv2
CVE-2020-11590
An issue exists in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name.
Cipplanner Cipace
5
CVSSv2
CVE-2020-11591
An issue exists in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name.
Cipplanner Cipace
5
CVSSv2
CVE-2020-11592
An issue exists in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database.
Cipplanner Cipace
5
CVSSv2
CVE-2020-11593
An issue exists in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address.
Cipplanner Cipace
5
CVSSv2
CVE-2020-11594
An issue exists in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path.
Cipplanner Cipace
5
CVSSv2
CVE-2020-11595
An issue exists in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path.
Cipplanner Cipace
5
CVSSv2
CVE-2020-11596
A Directory Traversal issue exists in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server.
Cipplanner Cipace
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661open redirectCVE-2024-25512CVE-2024-33788command injectionSSTICVE-2024-0043CVE-2024-29210CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook