Cipplanner Cipace

18 CVEs affecting Cipplanner Cipace. Latest disclosed: 2026-02-11. Critical: 3, High: 11.

Top CVEs affecting Cipplanner Cipace
CVESeverityScorePublishedSummary
CVE-2020-11586Critical9.82020-04-06An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data.
CVE-2020-11598Critical9.82020-04-06An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an…
CVE-2020-11597Critical9.82020-04-06An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the u…
CVE-2024-50619High8.82026-02-11Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privi…
CVE-2024-50620High8.82026-02-11Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17…
CVE-2024-50617High7.52026-02-11Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authen…
CVE-2020-11587High7.52020-04-06An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes run…
CVE-2020-11599High7.52020-04-06An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user.
CVE-2020-11596High7.52020-04-06A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL a…
CVE-2020-11595High7.52020-04-06An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that i…
CVE-2020-11594High7.52020-04-06An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown pr…
CVE-2020-11593High7.52020-04-06An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is la…
CVE-2020-11592High7.52020-04-06An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table…
CVE-2020-11589High7.52020-04-06An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a cer…
CVE-2020-11591Medium5.32020-04-06An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path alo…
CVE-2020-11590Medium5.32020-04-06An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the i…
CVE-2020-11588Medium5.32020-04-06An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer…
CVE-2024-50618Medium4.32026-02-11A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 allows attackers to bypass a protection me…