CVE-2024-50619
Privilege Escalation via User ID Tampering in CIPPlanner CIPAce
Publication date: 2026-02-11
Last updated on: 2026-02-13
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cipplanner | cipace | to 9.17 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the My Account and User Management components of CIPPlanner CIPAce versions before 9.17. It allows a low-privileged authenticated user to escalate their access levels by tampering with the clientβs user ID. Specifically, the attacker can gain access to other users' accounts by modifying the user ID to change account information. Additionally, the attacker can elevate their system privileges by altering the information of a user role that is disabled in the client.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to other users' accounts and unauthorized privilege escalation within the system. An attacker with low privileges can manipulate user IDs to access or modify account information that should be restricted. This can compromise the confidentiality and integrity of user data and system operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know