Cipplanner Cipace
18 CVEs affecting Cipplanner Cipace. Latest disclosed: 2026-02-11. Critical: 3, High: 11.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-11586 | Critical | 9.8 | 2020-04-06 | An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data. |
CVE-2020-11598 | Critical | 9.8 | 2020-04-06 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an… |
CVE-2020-11597 | Critical | 9.8 | 2020-04-06 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the u… |
CVE-2024-50619 | High | 8.8 | 2026-02-11 | Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privi… |
CVE-2024-50620 | High | 8.8 | 2026-02-11 | Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17… |
CVE-2024-50617 | High | 7.5 | 2026-02-11 | Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authen… |
CVE-2020-11587 | High | 7.5 | 2020-04-06 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes run… |
CVE-2020-11599 | High | 7.5 | 2020-04-06 | An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user. |
CVE-2020-11596 | High | 7.5 | 2020-04-06 | A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL a… |
CVE-2020-11595 | High | 7.5 | 2020-04-06 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that i… |
CVE-2020-11594 | High | 7.5 | 2020-04-06 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown pr… |
CVE-2020-11593 | High | 7.5 | 2020-04-06 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is la… |
CVE-2020-11592 | High | 7.5 | 2020-04-06 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table… |
CVE-2020-11589 | High | 7.5 | 2020-04-06 | An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a cer… |
CVE-2020-11591 | Medium | 5.3 | 2020-04-06 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path alo… |
CVE-2020-11590 | Medium | 5.3 | 2020-04-06 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the i… |
CVE-2020-11588 | Medium | 5.3 | 2020-04-06 | An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer… |
CVE-2024-50618 | Medium | 4.3 | 2026-02-11 | A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 allows attackers to bypass a protection me… |