VYPR

CIPAce Enterprise Platform

by CIPPlanner

CVEs (5)

  • CVE-2020-11586CriApr 6, 2020
    risk 0.64cvss 9.8epss 0.01

    An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data.

  • CVE-2020-11599HigApr 6, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user.

  • CVE-2020-11596HigApr 6, 2020
    risk 0.49cvss 7.5epss 0.02

    A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server.

  • CVE-2020-11592HigApr 6, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database.

  • CVE-2020-11590MedApr 6, 2020
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name.