Vulnerabilities (CVE)

Filtered by vendor Cipplanner Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-11598	1 Cipplanner	1 Cipace	2021-07-21	7.5 HIGH	9.8 CRITICAL
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file.
CVE-2020-11597	1 Cipplanner	1 Cipace	2020-04-07	7.5 HIGH	9.8 CRITICAL
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner.
CVE-2020-11586	1 Cipplanner	1 Cipace	2020-04-07	7.5 HIGH	9.8 CRITICAL
An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data.