How to fix CVE-2024-50619?

Within 24 hours: Inventory all CIPPlanner CIPAce instances and document current versions; restrict administrative access to the My Account and User Management components to essential personnel only. Within 7 days: Implement compensating controls including network segmentation, audit all user accounts for suspicious privilege escalation, and contact the vendor for patch timeline updates. Within 30 days: Develop and execute a formal migration or upgrade plan to CIPAce 9.17 or later when available; conduct forensic review of access logs for any unauthorized activity.

Is Cipace affected by CVE-2024-50619?

CVE-2024-50619 is a high-severity vulnerability in CIPPlanner CIPAce that allows attackers to escalate their access privileges within user management systems.

CVE-2024-50619

HIGH

2026-02-11 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 11, 2026 - 22:15 nvd

HIGH 8.8

Description

Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access to other people's accounts by tampering with the client's user id to change their account information. A low-privileged authenticated user can elevate his or her system privileges by modifying the information of a user role that is disabled in the client.

Analysis

Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. [CVSS 8.8 HIGH]

Technical Context

Classified as CWE-269 (Improper Privilege Management). Affects the My Account and User Management component of Cipace. Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access to other people's accounts by tampering with the client's user id to change their account information. A low-privileged authenticated user can elevate his or her system privileges by modifying the information of a user role that is disabled in the client.

Affected Products

Vendor: Cipplanner. Product: Cipace. Versions: up to 9.17. Component: My Account and User Management.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +44

POC: 0

CVE-2024-50619 vulnerability details – vuln.today

Back

CVE-2024-50619

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2024-50619

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code