#VU26062 Sensitive Cookie Without 'HttpOnly' Flag in eSOMS - CVE-2019-19003
Published: March 13, 2020
Vulnerability identifier: #VU26062
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-19003
CWE-ID: CWE-1004
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
eSOMS
Software vendor:
ABB
Description
The vulnerability allows a remote attacker to read the contents of a cookie and exfiltrate the information obtained.
The vulnerability exists because the "HttpOnly" flag is not set on the cookie. This allows JavaScript running in the page to access the cookie contents, which in turn might enable cross-site scripting to steal it.
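The following is an added example, not code from the advisory or from ABB. It audits Set-Cookie response headers for the weakness described here (CWE-1004): session-like cookies issued without the HttpOnly attribute, which page scripts can therefore read. The cookie names and header values are constructed, not captured from eSOMS.

```python
"""Audit Set-Cookie headers for a missing HttpOnly flag (CWE-1004).

Added example; not part of the advisory or the vendor's code.
"""
from typing import List, NamedTuple


class CookieReport(NamedTuple):
    name: str
    httponly: bool
    secure: bool


def parse_set_cookie(header: str) -> CookieReport:
    """Parse one Set-Cookie header value into name plus the two flags we care about.

    Attribute names are case-insensitive per RFC 6265, so they are lowered.
    """
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return CookieReport(name, "httponly" in attrs, "secure" in attrs)


# Substrings that usually mark a cookie as carrying session state (assumption).
SESSION_HINTS = ("sess", "sid", "auth", "token")


def find_script_readable_session_cookies(headers: List[str]) -> List[str]:
    """Return names of session-like cookies that JavaScript could read (no HttpOnly)."""
    findings = []
    for header in headers:
        report = parse_set_cookie(header)
        looks_like_session = any(h in report.name.lower() for h in SESSION_HINTS)
        if looks_like_session and not report.httponly:
            findings.append(report.name)
    return findings


# Constructed sample headers: the weak form the advisory describes, and the fixed form.
WEAK_HEADERS = ["session_id=abc123; Path=/", "theme=dark; Path=/"]
FIXED_HEADERS = ["session_id=abc123; Path=/; Secure; HttpOnly", "theme=dark; Path=/"]

if __name__ == "__main__":
    print("weak:", find_script_readable_session_cookies(WEAK_HEADERS))    # ['session_id']
    print("fixed:", find_script_readable_session_cookies(FIXED_HEADERS))  # []
```

Run it against the Set-Cookie headers of a login response to confirm the session cookie carries HttpOnly (and Secure) after applying the vendor update.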
Remediation
Install updates from vendor's website.