Lucene search
K

142 matches found

NVD
NVD
added 2020/04/06 10:15 p.m.18 views

CVE-2020-11588

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths...

5.3CVSS5.3AI score0.00963EPSS
Exploits1References1
OSV
OSV
added 2020/04/06 10:15 p.m.2 views

CVE-2020-11588

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths...

5.3CVSS6.1AI score0.00963EPSS
Exploits1References1
Prion
Prion
added 2020/04/06 10:15 p.m.11 views

Cross site request forgery (csrf)

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner...

7.5CVSS9.7AI score0.0148EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/04/06 10:15 p.m.13 views

Hardcoded credentials

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address...

5CVSS7.4AI score0.00992EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/04/06 10:15 p.m.17 views

Design/Logic Flaw

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths...

5CVSS5.3AI score0.00963EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/04/06 10:15 p.m.15 views

Design/Logic Flaw

An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only...

5CVSS7.3AI score0.01132EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/04/06 10:15 p.m.14 views

Path traversal

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path...

5CVSS7.6AI score0.01209EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/04/06 10:15 p.m.16 views

Design/Logic Flaw

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path...

5CVSS7.5AI score0.01209EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/04/06 10:15 p.m.14 views

Directory traversal

A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server...

5CVSS7.4AI score0.01768EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/04/06 10:15 p.m.10 views

Code injection

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file...

7.5CVSS9.7AI score0.02509EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/04/06 10:15 p.m.13 views

Cross site request forgery (csrf)

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name...

5CVSS5.3AI score0.00963EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/04/06 10:15 p.m.12 views

Default credentials

An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user...

5CVSS7.5AI score0.01104EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/04/06 10:15 p.m.12 views

Cross site request forgery (csrf)

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database...

5CVSS7.6AI score0.01209EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/04/06 10:15 p.m.17 views

Design/Logic Flaw

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name...

5CVSS5.4AI score0.00963EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/04/06 9:35 p.m.22 views

CVE-2020-11586

An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data...

9.6AI score0.01247EPSS
Exploits1References1
CVE
CVE
added 2020/04/06 9:35 p.m.71 views

CVE-2020-11586

CIPPlanner CIPAce 9.1 Build 2019092801 is affected by an XXE in the API that accepts XML DTD data. An unauthenticated, network-based attacker can exploit this via crafted XML requests. CVSSv3.1/2.0 scores indicate High to Critical impact on confidentiality, integrity, and availability (base 9.8, ...

9.8CVSS9.4AI score0.01247EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/04/06 9:34 p.m.75 views

CVE-2020-11587

CVE-2020-11587 affects CIPPlanner CIPAce 9.1 Build 2019092801, where an unauthenticated attacker can issue an API request and read the contents of ETL Processes running on the server. The connected records consistently describe this exposure but do not provide a vendor-provided fix or version-spe...

7.5CVSS7.6AI score0.01209EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/04/06 9:34 p.m.26 views

CVE-2020-11587

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server...

7.6AI score0.01209EPSS
Exploits1References1
CVE
CVE
added 2020/04/06 9:34 p.m.67 views

CVE-2020-11588

CVE-2020-11588 affects CIPPlanner CIPAce 9.1 Build 2019092801. The vulnerability allows an unauthenticated attacker to perform an HTTP GET that accesses two files containing customer data and application paths. Root cause and exact technical details are not explicitly provided in the connected do...

5.3CVSS5.3AI score0.00963EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/04/06 9:34 p.m.23 views

CVE-2020-11588

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths...

5.4AI score0.00963EPSS
Exploits1References1
Rows per page
Query Builder