CVE-2019-19090
LOWHitachi Energy eSOMS 4.0-6.0.2 - Missing Secure Flag in HTTP Response Header
Title source: llmDescription
For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch
Scores
CVSS v3
3.5
EPSS
0.0052
EPSS Percentile
39.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-16
CWE-311
Status
published
Products (1)
hitachienergy/esoms
4.0 - 6.0.2
Published
Apr 02, 2020
Tracked Since
Feb 18, 2026