Shodan
Vulnerabilities
Vulnerable Software
Cipplanner:  >> Cipace  >> 6.80  Security Vulnerabilities
CVE-2020-11586
An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data.
CVSS Score
9.8
EPSS Score
0.019
Published
2020-04-06
CVE-2020-11587
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server.
CVSS Score
7.5
EPSS Score
0.01
Published
2020-04-06
CVE-2020-11589
An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only.
CVSS Score
7.5
EPSS Score
0.009
Published
2020-04-06
CVE-2020-11590
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name.
CVSS Score
5.3
EPSS Score
0.006
Published
2020-04-06
CVE-2020-11591
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name.
CVSS Score
5.3
EPSS Score
0.009
Published
2020-04-06
CVE-2020-11592
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database.
CVSS Score
7.5
EPSS Score
0.01
Published
2020-04-06
CVE-2020-11593
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address.
CVSS Score
7.5
EPSS Score
0.011
Published
2020-04-06
CVE-2020-11594
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-04-06
CVE-2020-11595
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path.
CVSS Score
7.5
EPSS Score
0.01
Published
2020-04-06
CVE-2020-11596
A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server.
CVSS Score
7.5
EPSS Score
0.019
Published
2020-04-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved