Unrated severityNVD Advisory· Published Apr 2, 2020· Updated Aug 5, 2024
eSOMS X-FrameOption
CVE-2019-19001
Description
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials.
Affected products
2- ABB/eSOMSv5Range: 4.0 to 6.0.2
Patches
Vulnerability mechanics
References
1- search.abb.com/library/Download.aspxmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.