Vulnerabilities (CVE)

Filtered by vendor Cipplanner Subscribe
Filtered by product Cipace
Total 14 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-11599 1 Cipplanner 1 Cipace 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user.
CVE-2020-11598 1 Cipplanner 1 Cipace 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file.
CVE-2020-11597 1 Cipplanner 1 Cipace 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner.
CVE-2020-11596 1 Cipplanner 1 Cipace 2024-11-21 5.0 MEDIUM 7.5 HIGH
A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server.
CVE-2020-11595 1 Cipplanner 1 Cipace 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path.
CVE-2020-11594 1 Cipplanner 1 Cipace 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path.
CVE-2020-11593 1 Cipplanner 1 Cipace 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address.
CVE-2020-11592 1 Cipplanner 1 Cipace 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database.
CVE-2020-11591 1 Cipplanner 1 Cipace 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name.
CVE-2020-11590 1 Cipplanner 1 Cipace 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name.
CVE-2020-11589 1 Cipplanner 1 Cipace 2024-11-21 5.0 MEDIUM 7.5 HIGH
An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only.
CVE-2020-11588 1 Cipplanner 1 Cipace 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths.
CVE-2020-11587 1 Cipplanner 1 Cipace 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server.
CVE-2020-11586 1 Cipplanner 1 Cipace 2024-11-21 7.5 HIGH 9.8 CRITICAL
An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data.