CVE-2019-19000Exposure of Sensitive Information Through Data Queries in Esoms

CWE-16CWE-202Exposure of Sensitive Information Through Data QueriesCWE-200Sensitive Information Exposure3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 56.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Hitachienergy EsomsABB Esoms
Timeline
PublishedApr 2
Latest updateMay 24

Description

For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

NVDhitachienergy/esoms4.06.0.3
CVEListV5abb/esoms4, 5, 6.0.3+2

🔴Vulnerability Details

2
GHSA
GHSA-p65w-wgpq-h44r: For ABB eSOMS 42022-05-24
CVEList
eSOMS Cachecontrol (Pragma) HTTP Header2020-04-02
CVE-2019-19000 — Hitachienergy Esoms vulnerability | cvebase