CVE-2020-11595
An unauthenticated attacker can invoke the CIPPlanner CIPAce 9.1 Build 2019092801 API and obtain an upload folder path that reveals the hostname in a UNC path, indicating information disclosure via the API endpoint handling uploads. Affected product: CIPPlanner CIPAce (9.1, build 2019092801). Roo...