CVE-2020-11593

{"id": "CVE-2020-11593", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-04-06T22:15:13.223", "references": [{"url": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address."}, {"lang": "es", "value": "Se detect\u00f3 un problema en CIPPlanner CIPAce versi\u00f3n 9.1 Build 2019092801. Un atacante no autenticado puede hacer una petici\u00f3n HTTP POST con datos HTML inyectados que luego son aprovechados para enviar correos electr\u00f3nicos desde una direcci\u00f3n de correo electr\u00f3nico confiable del cliente."}], "lastModified": "2024-11-21T04:58:11.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cipplanner:cipace:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "538E2B97-C35A-4D1D-9612-0859E5E23181", "versionEndExcluding": "9.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}