How severe is CVE-2019-1690?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2019-1690?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2019-1690

MEDIUM Year: 2019

CVSS v3 Score

4.3

Medium

CVSS v2 Score

3.3

Low

Weakness Type

CWE-284

View all →

Vulnerability Description

A vulnerability in the management interface of Cisco Application Policy Infrastructure Controller (APIC) software could allow an unauthenticated, adjacent attacker to gain unauthorized access on an affected device. The vulnerability is due to a lack of proper access control mechanisms for IPv6 link-local connectivity imposed on the management interface of an affected device. An attacker on the same physical network could exploit this vulnerability by attempting to connect to the IPv6 link-local address on the affected device. A successful exploit could allow the attacker to bypass default access control restrictions on an affected device. Cisco Application Policy Infrastructure Controller (APIC) devices running versions prior to 4.2(0.21c) are affected.

CVE-2011-4181

MEDIUM

CVSS:4.3(Medium)

A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including ve...

CWE-2842011

CVE-2014-125054

MEDIUM

CVSS:4.3(Medium)

A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. Th...

CWE-2842014

CVE-2015-3163

MEDIUM

CVSS:4.3(Medium)

The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAK...

CWE-2842015

CVE-2015-8021

MEDIUM

CVSS:4.3(Medium)

Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 befo...

CWE-2842015

CVE-2016-0222

MEDIUM

CVSS:4.3(Medium)

IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors.

CWE-2842016

CVE-2016-0289

MEDIUM

CVSS:4.3(Medium)

shiprec.xml in the SHIPREC application in IBM Maximo Asset Management 7.1 and 7.5 before 7.5.0.10 and 7.6 before 7.6.0.4 allows remote authenticated users to bypass intended item-selection restriction...

CWE-2842016

CVE-2019-1690

Vulnerability Description

Related Vulnerabilities

CVE-2011-4181

CVE-2014-125054

CVE-2015-3163

CVE-2015-8021

CVE-2016-0222

CVE-2016-0289