Vulnerability Description
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.
CVSS Score
3.5
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hitachienergy | Esoms | >= 4.0, <= 6.0.2 |
Related Weaknesses (CWE)
References
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageVendor Advisory
- https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageVendor Advisory
FAQ
What is CVE-2019-19090?
CVE-2019-19090 is a vulnerability with a CVSS score of 3.5 (LOW). For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.
How severe is CVE-2019-19090?
CVE-2019-19090 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19090?
Check the references section above for vendor advisories and patch information. Affected products include: Hitachienergy Esoms.