Information Disclosure: Server Name Exposure in CIPPlanner CIPAce 9.1 Build 2019092801

CVE-2020-11590 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name.

Learn more about our Cis Benchmark Audit For Server Software.