CVE-2019-1903

Name of the Vulnerable Software and Affected Versions Cisco Security Manager (affected versions not specified)

Description A vulnerability could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The issue is due to improper restrictions on XML entities. An attacker could exploit this by sending malicious requests to a targeted system that contain references within XML entities. This could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.