ABB eSOMS
13 CVEs affecting ABB eSOMS. Latest disclosed: 2020-04-02. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-19094 | High | 7.6 | 2020-04-02 | Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database. |
| CVE-2019-19001 | Medium | 6.5 | 2020-04-02 | For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an… |
| CVE-2019-19000 | Medium | 6.5 | 2020-04-02 | For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. This can potentially… |
| CVE-2019-19093 | Medium | 6.5 | 2020-04-02 | eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords. |
| CVE-2019-19002 | Medium | 6.3 | 2020-04-02 | For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supportin… |
| CVE-2019-19096 | Medium | 6.1 | 2020-04-02 | The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can po… |
| CVE-2019-19089 | Medium | 6.1 | 2020-04-02 | For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted… |
| CVE-2019-19097 | Medium | 5.9 | 2020-04-02 | ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to… |
| CVE-2019-19095 | Medium | 5.4 | 2020-04-02 | Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing m… |
| CVE-2019-19003 | Medium | 5.3 | 2020-04-02 | For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Si… |
| CVE-2019-19091 | Medium | 4.3 | 2020-04-02 | For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail infor… |
| CVE-2019-19092 | Low | 3.5 | 2020-04-02 | ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed. |
| CVE-2019-19090 | Low | 3.5 | 2020-04-02 | For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus… |