CVE-2020-11591 : An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenti

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name.

Published 2020-04-06 22:15:13

Updated 2021-07-21 11:39:24

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-11591

Cipplanner » Cipace
Versions before (<) 9.1
cpe:2.3:a:cipplanner:cipace:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-11591

EPSS FAQ

0.58%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-11591

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

References for CVE-2020-11591

https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/

Vulnerabilities Discovered in CIPAce Enterprise Platform | Critical Start
Exploit;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-11591

Products affected by CVE-2020-11591

Exploit prediction scoring system (EPSS) score for CVE-2020-11591

CVSS scores for CVE-2020-11591

References for CVE-2020-11591