Cipplanner

Cipace

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-50619

  • EPSS 0.05%
  • Veröffentlicht 11.02.2026 00:00:00
  • Zuletzt bearbeitet 13.02.2026 21:39:22

Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access to other people's accounts by tampering with the c...

7.5

CVE-2024-50617

  • EPSS 0.04%
  • Veröffentlicht 11.02.2026 00:00:00
  • Zuletzt bearbeitet 13.02.2026 21:38:59

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the ...

8.8

CVE-2024-50620

  • EPSS 0.04%
  • Veröffentlicht 11.02.2026 00:00:00
  • Zuletzt bearbeitet 20.02.2026 20:18:37

Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text edito...

4.3

CVE-2024-50618

  • EPSS 0.04%
  • Veröffentlicht 11.02.2026 00:00:00
  • Zuletzt bearbeitet 17.02.2026 15:01:29

A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 allows attackers to bypass a protection mechanism. When the system is configured to allow login with internal accounts, an attacker c...

7.5

CVE-2020-11587

Exploit
  • EPSS 0.97%
  • Veröffentlicht 06.04.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 04:58:11

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server.

9.8

CVE-2020-11586

Exploit
  • EPSS 1.91%
  • Veröffentlicht 06.04.2020 23:15:12
  • Zuletzt bearbeitet 21.11.2024 04:58:10

An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data.

9.8

CVE-2020-11597

Exploit
  • EPSS 2.42%
  • Veröffentlicht 06.04.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 04:58:12

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner.

7.5

CVE-2020-11599

Exploit
  • EPSS 0.36%
  • Veröffentlicht 06.04.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 04:58:12

An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user.

9.8

CVE-2020-11598

Exploit
  • EPSS 3.19%
  • Veröffentlicht 06.04.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 04:58:12

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file.

7.5

CVE-2020-11596

Exploit
  • EPSS 1.9%
  • Veröffentlicht 06.04.2020 22:15:13
  • Zuletzt bearbeitet 21.11.2024 04:58:12

A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server.