CVE-2019-10477

The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 8

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Glpi-project ≫ Glpi Version >= 9.3.0 <= 9.3.3

Glpi-project ≫ Glpi Version >= 9.4.0 <= 9.4.1.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.79%	0.754

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://github.com/fusioninventory/fusioninventory-for-glpi/commit/0f777f85773b18f5252e79afa1929fcdc4858c3a

Patch

Third Party Advisory

https://github.com/fusioninventory/fusioninventory-for-glpi/compare/260a864...e1f776d

Patch

Third Party Advisory

https://github.com/fusioninventory/fusioninventory-for-glpi/compare/cec774a...baa4158

Patch

Third Party Advisory

https://github.com/fusioninventory/fusioninventory-for-glpi/releases/tag/glpi9.3%2B1.4

Third Party Advisory

Product

https://github.com/fusioninventory/fusioninventory-for-glpi/releases/tag/glpi9.4%2B1.1

Third Party Advisory

Product

CVE Source (NVD)

CVE Source (JSON)

EUVD

Team-orientierte Vulnerability Management Plattform