exploitDog

CVE-2020-11595

Опубликовано: 06 апр. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path.

Ссылки

https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/
Exploit
Third Party Advisory
https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cipplanner:cipace:*:*:*:*:*:*:*:*

Версия до 9.1 (исключая)

EPSS

Процентиль: 76%

0.00967

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-5w5x-r596-74gr

github

больше 3 лет назад

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path.

EPSS

Процентиль: 76%

0.00967

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo