What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2019-19001.

What is the severity of CVE-2019-19001?

The severity of CVE-2019-19001 is medium with a severity value of 6.5.

What is the impact of not configuring the X-Frame-Options header in the HTTP response?

Not configuring the X-Frame-Options header can potentially allow 'ClickJacking' attacks.

How can the X-Frame-Options header be configured to mitigate this vulnerability?

To mitigate this vulnerability, the X-Frame-Options header should be set to 'deny' or 'sameorigin' in the HTTP response.

Where can I find more information about CVE-2019-19001?

More information about CVE-2019-19001 can be found at the following reference: [Link to Reference](https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch)

Vulnerability/
CVE-2019-19001

medium

6.5

CWE

1021 16

2/4/2020

5/8/2024

CVE-2019-19001: eSOMS X-FrameOption

Q: What is the title of this vulnerability?

The title of this vulnerability is 'For ABB eSOMS versions 4.0 to 6.0.2 the X-Frame-Options header is not configured in HTTP response.'

First published: Thu Apr 02 2020(Updated: )

For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials.

Credit: cybersecurity@ch.abb.com

Affected Software	Affected Version	How to fix
Hitachienergy Esoms	>=4.0<=6.0.2

Never miss a vulnerability like this again

Reference Links

https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-19001.
What is the title of this vulnerability?
The title of this vulnerability is 'For ABB eSOMS versions 4.0 to 6.0.2 the X-Frame-Options header is not configured in HTTP response.'
What is the severity of CVE-2019-19001?
The severity of CVE-2019-19001 is medium with a severity value of 6.5.
What is the impact of not configuring the X-Frame-Options header in the HTTP response?
Not configuring the X-Frame-Options header can potentially allow 'ClickJacking' attacks.
How can the X-Frame-Options header be configured to mitigate this vulnerability?
To mitigate this vulnerability, the X-Frame-Options header should be set to 'deny' or 'sameorigin' in the HTTP response.
Where can I find more information about CVE-2019-19001?
More information about CVE-2019-19001 can be found at the following reference: [Link to Reference](https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch)

collector/nvd-index
agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/author
agent/title
agent/last-modified-date
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/hitachienergy
canonical/hitachienergy esoms
version/hitachienergy esoms/4.0
version/hitachienergy esoms/6.0.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.