← Back to CVEs
CVE-2020-11586
CRITICAL9.8
Description
An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published4/6/2020
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
cipplanner:cipace
Weaknesses (CWE)
CWE-611
References
https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/(cve@mitre.org)
https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.