Every CVE whose affected-product data names Cipplanner Cipace, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2020-11597 — CVSS 9.8 (critical): An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL…
CVE-2020-11586 — CVSS 9.8 (critical): An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains…
CVE-2020-11598 — CVSS 9.8 (critical): An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by…
CVE-2024-50620 — CVSS 8.8 (high): Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner…
CVE-2024-50619 — CVSS 8.8 (high): Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access…
CVE-2024-50617 — CVSS 7.5 (high): Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download…
CVE-2020-11587 — CVSS 7.5 (high): An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content…
CVE-2020-11593 — CVSS 7.5 (high): An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected…
CVE-2020-11594 — CVSS 7.5 (high): An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack…
CVE-2020-11595 — CVSS 7.5 (high): An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the…
CVE-2020-11596 — CVSS 7.5 (high): A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET…
CVE-2020-11589 — CVSS 7.5 (high): An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a…
CVE-2020-11592 — CVSS 7.5 (high): An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns…
CVE-2020-11599 — CVSS 7.5 (high): An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password…
CVE-2020-11590 — CVSS 5.3 (medium): An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to…
CVE-2020-11588 — CVSS 5.3 (medium): An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files…
CVE-2020-11591 — CVSS 5.3 (medium): An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full…
CVE-2024-50618 — CVSS 4.3 (medium): A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 allows attackers to…