5 matches found

OSV
added 2020/04/02 8:15 p.m. · 0 views

CVE-2019-19001

For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentia...

CVSS 6.5 · AI score 6.6 · EPSS 0.00379
Exploits 0 · References 1
OSV
added 2020/04/02 8:15 p.m. · 1 views

CVE-2019-19000

For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP headers have not been properly configured within the application response. This can potentially allow browsers and proxies to cache sensitive information...

CVSS 6.5 · AI score 6.6 · EPSS 0.00211
Exploits 0 · References 1
Positive Technologies
added 2020/02/17 12:0 a.m. · 1 views

PT-2020-1843 · Abb · Abb Esoms

Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 3.9 to 6.0.3
Description: The issue is related to a lack of input checks for SQL queries, which might allow an attacker to perform SQL injection attacks against the backend database. This could potentially be exploited by a...

CVSS 9 · AI score 7.8 · EPSS 0.0035
Exploits 0 · References 7
Positive Technologies
added 2020/02/17 12:0 a.m. · 1 views

PT-2020-6879 · Abb · Esoms

Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 4.0 through 6.0.3
Description: The issue is related to the improper configuration of the Cache-Control and Pragma HTTP headers within the application response. This can potentially allow browsers and proxies to cache...

CVSS 6.5 · AI score 6.4 · EPSS 0.00211
Exploits 0 · References 6
Positive Technologies
added 2020/02/17 12:0 a.m. · 2 views

PT-2020-6880 · Abb · Esoms

Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 4.0 through 6.0.2
Description: The issue is related to the absence of the HttpOnly flag in session cookies, which can allow JavaScript to access the cookie contents. This might enable Cross Site Scripting XSS attacks, where...

CVSS 6.1 · AI score 5.8 · EPSS 0.00371
Exploits 0 · References 6