Sensitive Cookie Without 'HttpOnly' Flag in eSOMS - CVE-2019-19003

Published: March 13, 2020


Vulnerability identifier: #VU26062
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-19003
CWE-ID: CWE-1004
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: ABB
Affected software:
eSOMS

Detailed vulnerability description

The vulnerability allows a remote attacker to read the contents of a cookie and exfiltrate information obtained.

The vulnerability exists because the "HttpOnly" flag is not set on a sensitive cookie. This allows client-side JavaScript to access the cookie contents, which in turn might enable cross-site scripting.
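The following check is an added illustration for this advisory, not code from the page or from eSOMS: it parses the Set-Cookie headers of a raw HTTP response and reports cookies that lack the HttpOnly attribute (CWE-1004), and also the Secure attribute, so a defender can verify a fix from a captured response. The sample responses and the cookie name SESSIONID are constructed for the example.

```python
"""Audit Set-Cookie headers for missing HttpOnly (CWE-1004) and Secure flags."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

REQUIRED_FLAGS = ("httponly", "secure")


@dataclass
class CookieFinding:
    name: str
    missing: List[str] = field(default_factory=list)  # lower-cased flag names


def parse_set_cookie(value: str) -> Tuple[str, Dict[str, str]]:
    """Split a Set-Cookie value into (cookie name, {attribute_lower: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def audit_set_cookie(value: str) -> CookieFinding:
    """Return which of the required flags a single Set-Cookie value is missing."""
    name, attrs = parse_set_cookie(value)
    return CookieFinding(name, [flag for flag in REQUIRED_FLAGS if flag not in attrs])


def audit_response(raw_response: str) -> List[CookieFinding]:
    """Return findings for every Set-Cookie header in a raw HTTP response that lacks a flag."""
    head = raw_response.split("\r\n\r\n", 1)[0]  # headers only; the body is irrelevant
    findings = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        key, sep, val = line.partition(":")
        if sep and key.strip().lower() == "set-cookie":
            findings.append(audit_set_cookie(val.strip()))
    return [f for f in findings if f.missing]


# Constructed sample responses (not captured from eSOMS): the weak one matches the advisory.
WEAK_RESPONSE = "HTTP/1.1 200 OK\r\nSet-Cookie: SESSIONID=abc123; Path=/\r\n\r\n<html></html>"
FIXED_RESPONSE = "HTTP/1.1 200 OK\r\nSet-Cookie: SESSIONID=abc123; Path=/; HttpOnly; Secure\r\n\r\n"

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("fixed", FIXED_RESPONSE)):
        print(label, audit_response(resp))  # weak -> SESSIONID missing httponly, secure; fixed -> []
```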


How to mitigate CVE-2019-19003

Install updates from the vendor's website.

Sources