How severe is CVE-2019-10141?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2019-10141?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2019-10141 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service.

Related Vulnerabilities

CVE-2011-1151

CRITICAL

CVSS:9.1(Critical)

Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.

CWE-892011

CVE-2016-1154

CRITICAL

CVSS:9.1(Critical)

SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CWE-892016

CVE-2016-8640

CRITICAL

CVSS:9.1(Critical)

A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to....

CWE-892016

CVE-2016-9272

CRITICAL

CVSS:9.1(Critical)

A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.

CWE-892016

CVE-2017-3549

CRITICAL

CVSS:9.1(Critical)

Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12...

CWE-892017

CVE-2018-1282

CRITICAL

CVSS:9.1(Critical)

This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementa...

CWE-892018