PT-2020-6876 · ABB · eSOMS

Published: 2020-02-17 · Updated: 2023-05-16 · CVE-2019-19001

CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: ABB eSOMS versions 4.0 to 6.0.2

Description: The issue is caused by the absence of the X-Frame-Options header in the HTTP response, which can allow clickjacking attacks. In such an attack, a malicious website frames parts of the application so that a user interacting with the framed content can be tricked into revealing sensitive information such as authentication credentials. A remote attacker can exploit this issue to disclose authentication credentials and conduct clickjacking attacks.

Recommendations: For ABB eSOMS versions 4.0 to 6.0.2, configure the X-Frame-Options header in the HTTP response to prevent clickjacking attacks. As a temporary workaround, restrict access to sensitive user information and authentication credentials until the issue is resolved.
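The following is an added example, not code from the advisory or from ABB: a check that classifies an HTTP response as protected, weak or exposed to framing, looking at both X-Frame-Options and the CSP frame-ancestors directive (which modern browsers honour in preference to X-Frame-Options). The sample header sets are constructed for illustration, not captured from eSOMS.

```python
"""Classify an HTTP response's framing protection (added example, not ABB's code)."""
from typing import List, Mapping, Optional

VALID_XFO = {"DENY", "SAMEORIGIN"}


def frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the source list of the CSP frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None


def clickjacking_exposure(headers: Mapping[str, str]) -> str:
    """Return 'protected', 'weak' or 'exposed' for a set of response headers.

    Header names are matched case-insensitively. frame-ancestors is checked
    first because browsers that support it ignore X-Frame-Options.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    ancestors = frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        lowered = [a.lower() for a in ancestors]
        # An empty list, 'none' or 'self' blocks framing by other origins.
        if not lowered or lowered == ["'none'"] or lowered == ["'self'"]:
            return "protected"
        if "*" in lowered or "http:" in lowered or "https:" in lowered:
            return "exposed"
        return "weak"  # explicit allow-list of other origins: review each entry
    xfo = h.get("x-frame-options", "").upper()
    if xfo in VALID_XFO:
        return "protected"
    if xfo.startswith("ALLOW-FROM"):
        return "weak"  # obsolete directive, ignored by current browsers
    return "exposed"  # header absent or unrecognised: the page can be framed


# Constructed sample responses: the first mirrors the advisory's missing header,
# the second shows the recommended configuration.
VULNERABLE = {"Content-Type": "text/html", "Set-Cookie": "session=abc; HttpOnly"}
HARDENED = {
    "Content-Type": "text/html",
    "X-Frame-Options": "SAMEORIGIN",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'",
}

if __name__ == "__main__":
    print("vulnerable:", clickjacking_exposure(VULNERABLE))  # exposed
    print("hardened:", clickjacking_exposure(HARDENED))  # protected
```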

Fix

Clickjacking

Weakness Enumeration

Related Identifiers: BDU:2023-03051, CVE-2019-19001

Affected Products: eSOMS