Unauthenticated Information Disclosure in CIPPlanner CIPAce 9.1 Build 2019092801

CVE-2020-11591 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name.

Learn more about our Api Penetration Testing.