Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2020
CVE-2020-11590
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name.
CVSS Score
5.3
EPSS Score
0.006
Published
2020-04-06
CVE-2020-11591
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name.
CVSS Score
5.3
EPSS Score
0.009
Published
2020-04-06
CVE-2020-11592
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database.
CVSS Score
7.5
EPSS Score
0.01
Published
2020-04-06
CVE-2020-11593
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address.
CVSS Score
7.5
EPSS Score
0.011
Published
2020-04-06
CVE-2020-11594
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-04-06
CVE-2020-11595
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path.
CVSS Score
7.5
EPSS Score
0.01
Published
2020-04-06
CVE-2020-11596
A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server.
CVSS Score
7.5
EPSS Score
0.019
Published
2020-04-06
CVE-2020-11597
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner.
CVSS Score
9.8
EPSS Score
0.024
Published
2020-04-06
CVE-2020-11598
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file.
CVSS Score
9.8
EPSS Score
0.032
Published
2020-04-06
CVE-2020-11599
An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-04-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved