How severe is CVE-2019-1903?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2019-1903?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2019-1903 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to a targeted system that contain references within XML entities. An exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition.

Related Vulnerabilities

CVE-2012-2239

CRITICAL

CVSS:9.1(Critical)

Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading...

CWE-6112012

CVE-2012-3363

CRITICAL

CVSS:9.1(Critical)

Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connect...

CWE-6112012

CVE-2013-4333

CRITICAL

CVSS:9.1(Critical)

OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability

CWE-6112013

CVE-2014-0931

CRITICAL

CVSS:9.1(Critical)

Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) CM...

CWE-6112014

CVE-2016-2908

CRITICAL

CVSS:9.1(Critical)

IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker ...

CWE-6112016

CVE-2016-3974

CRITICAL

CVSS:9.1(Critical)

XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access ...

CWE-6112016