How severe is CVE-2019-1054?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5 out of 10.

What type of vulnerability is CVE-2019-1054?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2019-1054

MEDIUM Year: 2019

CVSS v3 Score

5.0

Medium

CVSS v2 Score

5.1

Medium

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW). Failing to set the MOTW means that a large number of Microsoft security technologies are bypassed. In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass. Alternatively, in an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass. Additionally, compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass. However, in all cases an attacker would have no way to force a user to view attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment. The security update addresses the security feature bypass by correcting how Edge handles MOTW tagging.

CVE-2016-5553

MEDIUM

CVSS:5.0(Medium)

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors.

NVD-CWE-Other2016

CVE-2017-10221

MEDIUM

CVSS:5.0(Medium)

Vulnerability in the Oracle Hospitality RES 3700 component of Oracle Hospitality Applications (subcomponent: OPS Operations). The supported version that is affected is 5.5. Difficult to exploit vulner...

NVD-CWE-Other2017

CVE-2017-10275

MEDIUM

CVSS:5.0(Medium)

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). The supported version that is affected is AK 2013. Easily exploitable...

NVD-CWE-Other2017

CVE-2017-10428

MEDIUM

CVSS:5.0(Medium)

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Difficult to exploit vulnerability allows ...

NVD-CWE-Other2017

CVE-2017-2516

MEDIUM

CVSS:5.0(Medium)

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a cr...

NVD-CWE-Other2017

CVE-2017-3475

MEDIUM

CVSS:5.0(Medium)

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 a...

NVD-CWE-Other2017

CVE-2019-1054

Vulnerability Description

Related Vulnerabilities

CVE-2016-5553

CVE-2017-10221

CVE-2017-10275

CVE-2017-10428

CVE-2017-2516

CVE-2017-3475