CVE-2019-19001

CWE-16CWE-1021Clickjacking3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 40.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Hitachienergy EsomsABB Esoms
Timeline
PublishedApr 2
Latest updateMay 24

Description

For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDhitachienergy/esoms4.06.0.2
CVEListV5abb/esoms4.0 to 6.0.2

🔴Vulnerability Details

2
GHSA
GHSA-g26h-g3h8-pq5x: For ABB eSOMS versions 42022-05-24
CVEList
eSOMS X-FrameOption2020-04-02
CVE-2019-19001 (MEDIUM CVSS 6.5) | For ABB eSOMS versions 4.0 to 6.0.2 | cvebase.io