VYPR
Unrated severityNVD Advisory· Published Apr 2, 2020· Updated Aug 5, 2024

eSOMS X-FrameOption

CVE-2019-19001

Description

For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials.

Affected products

2
  • Hitachi/eSOMSllm-fuzzy
    Range: 4.0 to 6.0.2
  • ABB/eSOMSv5
    Range: 4.0 to 6.0.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.