← Back

CVE-2024-50617

nvd nist
Published: Feb 11, 2026Modified: Feb 13, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. An authenticated user can easily change the file id parameter or pass the physical file path in the URL query string to retrieve the files. (Retrieval is not intended without correct data access configured for documents.)

Affected (1)

Products: Cipplanner: Cipace
Cipplanner
1 product
Cipace
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Cipace
Before 9.17

Related CWEs

CWE-285
Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (1)

Source: cve@mitre.org
Vendor Advisory

Timeline

No history available yet.