Vulnerability Details CVE-2019-19002
In ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. For older web browsers that do not support Content Security Policy, this might increase the risk of cross-site scripting (XSS).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.5%
CVSS Severity
CVSS v3 Score 6.3
CVSS v2 Score 3.5
Products affected by CVE-2019-19002
- cpe:2.3:a:hitachienergy:esoms:4.0
- cpe:2.3:a:hitachienergy:esoms:6.0
- cpe:2.3:a:hitachienergy:esoms:6.0.2