Lucene search
K

142 matches found

Cvelist
Cvelist
added 2020/04/06 9:34 p.m.21 views

CVE-2020-11589

An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only...

7.4AI score0.01132EPSS
Exploits1References1
CVE
CVE
added 2020/04/06 9:34 p.m.61 views

CVE-2020-11589

CIPPlanner CIPAce 9.1 Build 2019092801 is affected by an Insecure Direct Object Reference information-disclosure vulnerability (CVE-2020-11589). An unauthenticated attacker can issue a GET request to a URL and access data that should be restricted to authenticated users. CVSSv3.1 vector and base ...

7.5CVSS7.3AI score0.01132EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/04/06 9:34 p.m.67 views

CVE-2020-11590

CVE-2020-11590 affects CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can issue an HTTP GET to HealthPage.aspx and obtain the internal server name, exposing server identity. The core issue is a information disclosure via HealthPage.aspx; CVSS vectors from the NVD indicate med...

5.3CVSS5.3AI score0.00963EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/04/06 9:34 p.m.25 views

CVE-2020-11590

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name...

5.4AI score0.00963EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/04/06 9:34 p.m.25 views

CVE-2020-11591

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name...

5.4AI score0.00963EPSS
Exploits1References1
CVE
CVE
added 2020/04/06 9:34 p.m.62 views

CVE-2020-11591

CVE-2020-11591 affects CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can trigger an API request to reveal the full application path and the customer name, exposing sensitive configuration/identity information. The incident is described across multiple sources (Red Hat, CNVD,...

5.3CVSS5.4AI score0.00963EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/04/06 9:34 p.m.71 views

CVE-2020-11592

CVE-2020-11592 affects CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can issue an API request and enumerate the columns of a table in the CIP database, exposing potential schema and column-level information. According to the linked disclosures, impact is information disclosu...

7.5CVSS7.5AI score0.01209EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/04/06 9:34 p.m.19 views

CVE-2020-11592

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database...

7.6AI score0.01209EPSS
Exploits1References1
CVE
CVE
added 2020/04/06 9:33 p.m.70 views

CVE-2020-11593

An issue in CIPPlanner CIPAce 9.1 Build 2019092801 allows an unauthenticated attacker to issue an HTTP POST with injected HTML data that is later leveraged to send emails from a customer’s trusted address. The description across sources (NVD, Red Hat, CNVD, etc.) consistently states this vulnerab...

7.5CVSS7.4AI score0.00992EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/04/06 9:33 p.m.20 views

CVE-2020-11593

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address...

7.5AI score0.00992EPSS
Exploits1References1
CVE
CVE
added 2020/04/06 9:33 p.m.65 views

CVE-2020-11594

CVE-2020-11594 affects CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can send an API request that triggers a stack error, causing the system to reveal the full file path. This is the explicit impact described across multiple sources. The available documents do not provide a ...

7.5CVSS7.5AI score0.01209EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/04/06 9:33 p.m.22 views

CVE-2020-11594

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path...

7.5AI score0.01209EPSS
Exploits1References1
CVE
CVE
added 2020/04/06 9:33 p.m.74 views

CVE-2020-11595

An unauthenticated attacker can invoke the CIPPlanner CIPAce 9.1 Build 2019092801 API and obtain an upload folder path that reveals the hostname in a UNC path, indicating information disclosure via the API endpoint handling uploads. Affected product: CIPPlanner CIPAce (9.1, build 2019092801). Roo...

7.5CVSS7.6AI score0.01209EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/04/06 9:33 p.m.17 views

CVE-2020-11595

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path...

7.6AI score0.01209EPSS
Exploits1References1
CVE
CVE
added 2020/04/06 9:33 p.m.58 views

CVE-2020-11596

The set of connected sources confirms CVE-2020-11596 is a directory traversal vulnerability in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can issue HTTP GET requests to a specific URL and enumerate files/directories on the server, exposing information via path traversal. ...

7.5CVSS7.4AI score0.01768EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/04/06 9:33 p.m.19 views

CVE-2020-11596

A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server...

7.5AI score0.01768EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/04/06 9:32 p.m.22 views

CVE-2020-11597

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner...

9.8AI score0.0148EPSS
Exploits1References1
CVE
CVE
added 2020/04/06 9:32 p.m.71 views

CVE-2020-11597

CVE-2020-11597 affects CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can send an HTTP POST request to inject SQL statements in the user context of the database owner, enabling potential disclosure or modification of data. The NVD metrics show a CVSSv3.1 base score of 9.8 (CR...

9.8CVSS9.6AI score0.0148EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/04/06 9:31 p.m.70 views

CVE-2020-11598

CVE-2020-11598 affects CIPPlanner CIPAce 9.1 Build 2019092801; Upload.ashx lets remote attackers upload and execute an ASHX file to achieve arbitrary code execution. The connected sources corroborate a code-execution vector via file upload, with no explicit exploit details or patch information pr...

9.8CVSS9.6AI score0.02509EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/04/06 9:31 p.m.24 views

CVE-2020-11598

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file...

9.8AI score0.02509EPSS
Exploits1References1
Rows per page
Query Builder