Vulnerabilities > Hitachienergy > Esoms > 6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-02 | CVE-2019-19092 | Missing Authentication for Critical Function vulnerability in Hitachienergy Esoms ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). | 3.5 |
| 2020-04-02 | CVE-2019-19091 | Information Exposure vulnerability in Hitachienergy Esoms For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. | 4.3 |
| 2020-04-02 | CVE-2019-19090 | Missing Encryption of Sensitive Data vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2 For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. | 3.5 |
| 2020-04-02 | CVE-2019-19089 | Interpretation Conflict vulnerability in Hitachienergy Esoms For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. | 6.1 |
| 2020-04-02 | CVE-2019-19003 | Cross-site Scripting vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2 For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. | 6.1 |
| 2020-04-02 | CVE-2019-19002 | Cross-site Scripting vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2 For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. | 5.4 |
| 2020-04-02 | CVE-2019-19001 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hitachienergy Esoms 4.0/6.0/6.0.2 For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. | 6.5 |
| 2020-04-02 | CVE-2019-19000 | Information Exposure vulnerability in Hitachienergy Esoms For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. | 6.5 |