4 matches found
CVE-2019-19090
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping...
nbb.be Cross Site Scripting vulnerability OBB-1234089
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
CVE-2019-19090
creationtimestamp| type| source ---|---|--- 2020-04-03 01:28:08+00:00| seen| https://t.me/cibsecurity/10968...
CVE-2019-19090
CVE-2019-19090 affects ABB eSOMS 4.0–6.0.2 where the Secure flag is not set in HTTP response headers, allowing potential exposure of cookies over unencrypted connections. Impact is the eavesdropping of cookie data; CVSS v3 base score 3.5 (Low). Mitigation: upgrade to ABB eSOMS 6.0.3 or 6.1 where ...