An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.
CVE-2019-0703
Score elevated to 9.0 because this CVE is listed on the CISA Known Exploited Vulnerabilities catalog (added 2022-05-23), indicating real-world exploitation has been confirmed by US federal agencies. NVD baseline CVSS 6.5 retained for reference. Confidence: HIGH.
- Actively exploited in the wild (CISA-KEV)
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 6.5
- EG Score
- 9.0(high)
- EPSS
- 94.9%
- KEV
- ⚠ Exploited
Published
April 9, 2019
Last Modified
October 29, 2025
Advisory Details (2)
Auto-updated Jun 12, 2026Known Exploited Vulnerabilities Catalog | CISA
Known Exploited Vulnerabilities Catalog | CISA. Listed in CISA Known Exploited Vulnerabilities catalog.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0703Security Update Guide - Microsoft Security Response Center
Security Update Guide - Microsoft Security Response Center. Patch available via Microsoft Security Update
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703All Vendor Advisories
(1)
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
Frequently asked(6)
What is CVE-2019-0703?
When was CVE-2019-0703 disclosed?
Is CVE-2019-0703 actively exploited?
What is the CVSS score of CVE-2019-0703?
Which products are affected by CVE-2019-0703?
How do I remediate CVE-2019-0703?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2019-0703
Is Your Infrastructure Affected by CVE-2019-0703?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.