What is CVE-2019-10477?

CVE-2019-10477 is a high-severity software vulnerability (CWE-19) with a CVSS score of 7.5. The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions.

Is CVE-2019-10477 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 2%.

What products does CVE-2019-10477 affect?

Tracked products affected include GLPI. Check the version you run to see whether it is affected.

How do I fix CVE-2019-10477?

Apply the vendor fix promptly. An official patch or advisory is available. Upgrade affected products to a fixed version.

← All products

CVE-2019-10477

HIGH severity · CVSS 7.5 · CWE-19

7.5CVSS HIGH

Summary

The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionNone

Confidentiality impactNone

Integrity impactHigh

Availability impactNone

Exploit probability (EPSS)2%

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products we track (1)

GLPI

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: https://github.com/fusioninventory/fusioninventory-for-glpi/commit/0f777f85773b18f5252e79afa1929fcdc4858c3a ↗

Additional information

NVD record
https://github.com/fusioninventory/fusioninventory-for-glpi/commit/0f777f85773b18f5252e79afa1929fcdc4858c3aPatch
https://github.com/fusioninventory/fusioninventory-for-glpi/compare/260a864...e1f776dPatch
https://github.com/fusioninventory/fusioninventory-for-glpi/compare/cec774a...baa4158Patch
https://github.com/fusioninventory/fusioninventory-for-glpi/releases/tag/glpi9.3%2B1.4Advisory
https://github.com/fusioninventory/fusioninventory-for-glpi/releases/tag/glpi9.4%2B1.1Advisory