CIPAce Enterprise Platform
by CIPPlanner
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11586 | Cri | 0.64 | 9.8 | 0.01 | Apr 6, 2020 | An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data. | ||
| CVE-2020-11599 | Hig | 0.49 | 7.5 | 0.01 | Apr 6, 2020 | An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user. | ||
| CVE-2020-11596 | Hig | 0.49 | 7.5 | 0.02 | Apr 6, 2020 | A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server. | ||
| CVE-2020-11592 | Hig | 0.49 | 7.5 | 0.01 | Apr 6, 2020 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database. | ||
| CVE-2020-11590 | Med | 0.35 | 5.3 | 0.01 | Apr 6, 2020 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name. |
- risk 0.64cvss 9.8epss 0.01
An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user.
- risk 0.49cvss 7.5epss 0.02
A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database.
- risk 0.35cvss 5.3epss 0.01
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name.