CVE-2020-11587

High

7.5/10

Summary

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

References

Advisory Timeline

Published Apr 06, 2020

CVE-2020-11587

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS