VYPR
Vendor

CIPPlanner

Products
2
CVEs
18
Across products
23
Status
Private

Products

2

Recent CVEs

18
  • CVE-2020-11586CriApr 6, 2020
    risk 0.64cvss 9.8epss 0.01

    An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data.

  • CVE-2020-11598CriApr 6, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file.

  • CVE-2020-11597CriApr 6, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner.

  • CVE-2020-11587HigApr 6, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server.

  • CVE-2020-11599HigApr 6, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user.

  • CVE-2020-11596HigApr 6, 2020
    risk 0.49cvss 7.5epss 0.02

    A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server.

  • CVE-2020-11595HigApr 6, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path.

  • CVE-2020-11594HigApr 6, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path.

  • CVE-2020-11593HigApr 6, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address.

  • CVE-2020-11592HigApr 6, 2020
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database.

  • CVE-2020-11589HigApr 6, 2020
    risk 0.49cvss 7.5epss 0.01

    An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only.

  • CVE-2020-11591MedApr 6, 2020
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name.

  • CVE-2020-11590MedApr 6, 2020
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name.

  • CVE-2020-11588MedApr 6, 2020
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths.

  • CVE-2024-50620Feb 11, 2026
    risk 0.00cvss epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable…

  • CVE-2024-50619Feb 11, 2026
    risk 0.00cvss epss 0.00

    Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access to other people's accounts by tampering with the client's user id to change…

  • CVE-2024-50617Feb 11, 2026
    risk 0.00cvss epss 0.00

    Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve…

  • CVE-2024-50618Feb 11, 2026
    risk 0.00cvss epss 0.00

    A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 allows attackers to bypass a protection mechanism. When the system is configured to allow login with internal accounts, an attacker can possibly obtain full…