An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path.Referenceshttps://www.criticalstart.com/vulnerabilities-discovered-in-cipace-enterprise-platform/
