CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2020/04/06 10:15 p.m.•11 views

CVE-2020-11593

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address...

7.5CVSS7.5AI score0.01114EPSS

NVD•added 2020/04/06 10:15 p.m.•7 views

CVE-2020-11589

An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only...

7.5CVSS7.4AI score0.00923EPSS

7.5CVSS7.1AI score0.0036EPSS

CVE-2020-11599

An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user...

NVD•added 2020/04/06 10:15 p.m.•11 views

CVE-2020-11590

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name...

5.3CVSS5.8AI score

Exploits0References1

CVE-2020-11598

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file...

9.8CVSS9.8AI score0.03189EPSS

NVD•added 2020/04/06 10:15 p.m.•7 views

CVE-2020-11597

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner...

9.8CVSS9.8AI score0.02424EPSS

OSV•added 2020/04/06 10:15 p.m.•1 views

CVE-2020-11595

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path...

7.5CVSS7.1AI score

Exploits0References1

9.8CVSS7.4AI score0.02424EPSS

CVE-2020-11597

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner...

NVD•added 2020/04/06 10:15 p.m.•8 views

CVE-2020-11590

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name...

5.3CVSS5.3AI score0.00649EPSS

NVD•added 2020/04/06 10:15 p.m.•8 views

CVE-2020-11592

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database...

7.5CVSS7.6AI score0.00967EPSS

7.5CVSS7.1AI score0.00923EPSS

CVE-2020-11589

CVE-2020-11588

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths...

5.3CVSS6.1AI score

Exploits0References1

5CVSS5.3AI score0.0088EPSS

Design/Logic Flaw

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths...

Prion•added 2020/04/06 10:15 p.m.•9 views

Hardcoded credentials

5CVSS7.4AI score0.01114EPSS

5CVSS7.3AI score0.00923EPSS

Design/Logic Flaw

Prion•added 2020/04/06 10:15 p.m.•12 views

Path traversal

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path...

5CVSS7.6AI score0.00967EPSS

5CVSS7.4AI score0.01898EPSS

Directory traversal

A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server...

Prion•added 2020/04/06 10:15 p.m.•10 views

Design/Logic Flaw

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path...

5CVSS7.5AI score0.00714EPSS

5CVSS5.4AI score0.0088EPSS

Design/Logic Flaw

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name...