CVE-2024-50619

Name of the Vulnerable Software and Affected Versions CIPPlanner CIPAce versions prior to 9.17

Description Issues in the My Account and User Management components allow for access escalation. A user with low privileges can gain access to other accounts by manipulating the client’s user ID to modify account information. Additionally, a low-privileged authenticated user can elevate system privileges by modifying information associated with a disabled user role in the client.

Recommendations Update to version 9.17 or later.