CVE-2024-50617

HIGH

7.5

Beschreibung

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. (Retrieval is not intended without correct data access configured for documents.)

CVE Details

CVSS v3.1 Bewertung7.5

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht2/11/2026

Zuletzt geandert2/13/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

cipplanner:cipace

Schwachen (CWE)

CWE-285

Referenzen

https://cipplanner.com/cve-2024-50617-cve-public-notification-of-resolution/(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.