Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-19090


For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.


Published

2020-04-02T20:15:14.737

Last Modified

2024-11-21T04:34:10.913

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.5 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

6.8

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-16
  • Type: Primary
    CWE-311

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application hitachienergy esoms ≤ 6.0.2 Yes

References