CVE-2019-19002: ABB eSOMS X-XSS-Protection not enabled
First published: Thu Apr 02 2020(Updated: )
For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browser not supporting Content Security Policy, this might increase the risk of Cross Site Scripting.
Credit: cybersecurity@ch.abb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachienergy Esoms | >=4.0<=6.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2019-19002.
What is the severity of CVE-2019-19002?
CVE-2019-19002 has a severity level of medium with a CVSS score of 5.4.
Which software versions are affected by CVE-2019-19002?
Versions 4.0 to 6.0.2 of ABB eSOMS are affected by CVE-2019-19002.
What is the risk posed by CVE-2019-19002?
CVE-2019-19002 increases the risk of Cross Site Scripting (XSS) for older web browsers that do not support Content Security Policy.
How can I fix CVE-2019-19002?
To fix CVE-2019-19002, update your ABB eSOMS software to a version higher than 6.0.2 that sets the X-XSS-Protection HTTP response header.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/title
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/hitachienergy
- canonical/hitachienergy esoms
- version/hitachienergy esoms/4.0
- version/hitachienergy esoms/6.0.2