CVE-2019-10477

Name: CVE-2019-10477
Creator: NVD / NIST
Published: 2019-03-29T14:29:00.53+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.79%

Last modified Jun 17, 2026

CVE-2019-10477 is a vulnerability of currently unknown severity. The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions.. EPSS estimates a 1.79% chance of exploitation in the next 30 days.

Description

The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions.

Metrics

EPSS Probability

1.79%

75.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-19

Affected Software

Vendor	Product	Versions
Fusioninventory	Fusioninventory	< 1.4
Fusioninventory	Fusioninventory	< 1.1

References

https://github.com/fusioninventory/fusioninventory-for-glpi/commit/0f777f85773b18f5252e79afa1929fcdc4858c3aPatch, Third Party Advisory
https://github.com/fusioninventory/fusioninventory-for-glpi/compare/260a864...e1f776dPatch, Third Party Advisory
https://github.com/fusioninventory/fusioninventory-for-glpi/compare/cec774a...baa4158Patch, Third Party Advisory
https://github.com/fusioninventory/fusioninventory-for-glpi/releases/tag/glpi9.3%2B1.4Product, Third Party Advisory
https://github.com/fusioninventory/fusioninventory-for-glpi/releases/tag/glpi9.4%2B1.1Product, Third Party Advisory
https://github.com/fusioninventory/fusioninventory-for-glpi/commit/0f777f85773b18f5252e79afa1929fcdc4858c3aPatch, Third Party Advisory
https://github.com/fusioninventory/fusioninventory-for-glpi/compare/260a864...e1f776dPatch, Third Party Advisory
https://github.com/fusioninventory/fusioninventory-for-glpi/compare/cec774a...baa4158Patch, Third Party Advisory
https://github.com/fusioninventory/fusioninventory-for-glpi/releases/tag/glpi9.3%2B1.4Product, Third Party Advisory
https://github.com/fusioninventory/fusioninventory-for-glpi/releases/tag/glpi9.4%2B1.1Product, Third Party Advisory

Timeline

Published: Mar 29, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-10477?

The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions.

How severe is CVE-2019-10477?

Severity scoring for CVE-2019-10477 is pending analysis. The EPSS model estimates a 1.79% probability of exploitation in the next 30 days.

How do I fix CVE-2019-10477?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-10477?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST