CVE-2024-50619

Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access to other people's accounts by tampering with the client's user id to change their account information. A low-privileged authenticated user can elevate his or her system privileges by modifying the information of a user role that is disabled in the client.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cipplanner.com/cve-2024-50619-cve-public-notification-of-resolution/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cipplanner:cipace:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-11 22:15

Updated : 2026-02-13 21:39

NVD link : CVE-2024-50619

Mitre link : CVE-2024-50619

CVE.ORG link : CVE-2024-50619

JSON object : View

Products Affected

cipplanner

cipace

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2024-50619", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-02-11T22:15:50.020", "references": [{"url": "https://cipplanner.com/cve-2024-50619-cve-public-notification-of-resolution/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access to other people's accounts by tampering with the client's user id to change their account information. A low-privileged authenticated user can elevate his or her system privileges by modifying the information of a user role that is disabled in the client."}, {"lang": "es", "value": "Vulnerabilidades en los componentes Mi Cuenta y Gesti\u00f3n de Usuarios en CIPPlanner CIPAce anterior a la versi\u00f3n 9.17 permiten a los atacantes escalar sus niveles de acceso. Un usuario autenticado de bajo privilegio puede obtener acceso a las cuentas de otras personas manipulando el ID de usuario del cliente para cambiar la informaci\u00f3n de su cuenta. Un usuario autenticado de bajo privilegio puede elevar sus privilegios de sistema modificando la informaci\u00f3n de un rol de usuario que est\u00e1 deshabilitado en el cliente."}], "lastModified": "2026-02-13T21:39:22.347", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cipplanner:cipace:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F5F8D48-AC37-455A-A9AC-7950E70027D7", "versionEndExcluding": "9.17"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}