Cipace
CVE-2024-50619
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access to other people's accounts by tampering with the client's user id to change their account information. A low-privileged authenticated user can elevate his or her system privileges by modifying the information of a user role that is disabled in the client.
AnalysisAI
Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. [CVSS 8.8 HIGH]
Technical ContextAI
Classified as CWE-269 (Improper Privilege Management). Affects the My Account and User Management component of Cipace. Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access to other people's accounts by tampering with the client's user id to change their account information. A low-privileged authenticated user can elevate his or her system privileges by modifying the information of a user role that is disabled in the client.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated critical severity (CVSS 9.8), this vulnerab
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated critical severity (CVSS 9.8), this vulnerabilit
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated critical severity (CVSS 9.8), this vulnerabilit
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated high severity (CVSS 7.5), this vulnerability is
An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. Rated high severity (CVSS 7.5), this vulnerability i
A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated high severity (CVSS 7.5), th
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated high severity (CVSS 7.5), this vulnerability is
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated high severity (CVSS 7.5), this vulnerability is
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated high severity (CVSS 7.5), this vulnerability is
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated high severity (CVSS 7.5), this vulnerability is
An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated high severity
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Rated medium severity (CVSS 5.3), this vulnerability
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today