How severe is CVE-2019-1940?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2019-1940?

This is classified as CWE-310, which is a common weakness in software security.

CVE-2019-1940

MEDIUM Year: 2019

CVSS v3 Score

5.3

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-310

View all →

Vulnerability Description

A vulnerability in the Web Services Management Agent (WSMA) feature of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. The vulnerability is due to insufficient X.509 certificate validation when establishing a WSMA connection. An attacker could exploit this vulnerability by supplying a crafted X.509 certificate during the WSMA connection setup phase. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on WSMA connections to the affected software. At the time of publication, this vulnerability affected Cisco IND Software releases prior to 1.7.

CVE-2011-4461

MEDIUM

CVSS:5.3(Medium)

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service ...

CWE-3102011

CVE-2013-5391

MEDIUM

CVSS:5.3(Medium)

IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and...

CWE-3102013

CVE-2016-1000339

MEDIUM

CVSS:5.3(Medium)

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if t...

CWE-3102016

CVE-2016-10099

MEDIUM

CVSS:5.3(Medium)

Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives.

CWE-3102016

CVE-2016-1948

MEDIUM

CVSS:5.3(Medium)

Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modif...

CWE-3102016

CVE-2016-9346

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.

CWE-3102016

CVE-2019-1940

Vulnerability Description

Related Vulnerabilities

CVE-2011-4461

CVE-2013-5391

CVE-2016-1000339

CVE-2016-10099

CVE-2016-1948

CVE-2016-9346