Unauthenticated Access to Customer Data and Application Paths in CIPPlanner CIPAce 9.1 Build 2019092801

CVE-2020-11588 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths.

Learn more about our Web Application Penetration Testing UK.