Lucene search

K

14 matches found

CVE
CVE
added 2020/04/06 11:15 p.m.58 views

CVE-2020-11586

An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data.

9.8CVSS9.4AI score0.01914EPSS
CVE
CVE
added 2020/04/06 10:15 p.m.58 views

CVE-2020-11597

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner.

9.8CVSS9.6AI score0.02424EPSS
CVE
CVE
added 2020/04/06 10:15 p.m.57 views

CVE-2020-11595

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path.

7.5CVSS7.6AI score0.00967EPSS
CVE
CVE
added 2020/04/06 11:15 p.m.56 views

CVE-2020-11587

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server.

7.5CVSS7.6AI score0.00967EPSS
CVE
CVE
added 2020/04/06 10:15 p.m.56 views

CVE-2020-11593

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address.

7.5CVSS7.4AI score0.01114EPSS
CVE
CVE
added 2020/04/06 10:15 p.m.56 views

CVE-2020-11598

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file.

9.8CVSS9.6AI score0.03189EPSS
CVE
CVE
added 2020/04/06 10:15 p.m.56 views

CVE-2020-11599

An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user.

7.5CVSS7.5AI score0.0036EPSS
CVE
CVE
added 2020/04/06 10:15 p.m.55 views

CVE-2020-11588

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths.

5.3CVSS5.3AI score0.0088EPSS
CVE
CVE
added 2020/04/06 10:15 p.m.55 views

CVE-2020-11592

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database.

7.5CVSS7.5AI score0.00967EPSS
CVE
CVE
added 2020/04/06 10:15 p.m.53 views

CVE-2020-11590

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name.

5.3CVSS5.3AI score0.00649EPSS
CVE
CVE
added 2020/04/06 10:15 p.m.53 views

CVE-2020-11594

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path.

7.5CVSS7.5AI score0.00714EPSS
CVE
CVE
added 2020/04/06 10:15 p.m.48 views

CVE-2020-11589

An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only.

7.5CVSS7.3AI score0.00923EPSS
CVE
CVE
added 2020/04/06 10:15 p.m.47 views

CVE-2020-11591

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name.

5.3CVSS5.4AI score0.0088EPSS
CVE
CVE
added 2020/04/06 10:15 p.m.45 views

CVE-2020-11596

A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server.

7.5CVSS7.4AI score0.01898EPSS