CVE-2020-11595 : An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenti

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path.

Published 2020-04-06 22:15:13

Updated 2021-07-21 11:39:24

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-11595

Cipplanner » Cipace
Versions before (<) 9.1
cpe:2.3:a:cipplanner:cipace:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-11595

EPSS FAQ

0.78%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 71 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-11595

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

References for CVE-2020-11595

https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/

Vulnerabilities Discovered in CIPAce Enterprise Platform | Critical Start
Exploit;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-11595

Products affected by CVE-2020-11595

Exploit prediction scoring system (EPSS) score for CVE-2020-11595

CVSS scores for CVE-2020-11595

References for CVE-2020-11595