Vulnerabilities > Hitachienergy > Esoms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-02 | CVE-2019-19092 | Missing Authentication for Critical Function vulnerability in Hitachienergy Esoms ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). | 3.5 |
| 2020-04-02 | CVE-2019-19091 | Information Exposure vulnerability in Hitachienergy Esoms For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. | 4.3 |
| 2020-04-02 | CVE-2019-19090 | Missing Encryption of Sensitive Data vulnerability in Hitachienergy Esoms For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. | 3.5 |
| 2020-04-02 | CVE-2019-19089 | Interpretation Conflict vulnerability in Hitachienergy Esoms For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. | 6.1 |
| 2020-04-02 | CVE-2019-19003 | Cross-site Scripting vulnerability in Hitachienergy Esoms For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. | 6.1 |
| 2020-04-02 | CVE-2019-19002 | Cross-site Scripting vulnerability in Hitachienergy Esoms For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server. | 5.4 |
| 2020-04-02 | CVE-2019-19001 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hitachienergy Esoms For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. | 6.5 |
| 2020-04-02 | CVE-2019-19000 | Information Exposure vulnerability in Hitachienergy Esoms For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response. | 6.5 |
| 2018-08-29 | CVE-2018-14805 | Improper Authentication vulnerability in Hitachienergy Esoms 6.0.2 ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. | 9.8 |