PT-2020-6882 · Abb · Abb Esoms

Published 2020-02-17 · Updated 2023-05-16 · CVE-2019-19090

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ABB eSOMS versions 4.0 to 6.0.2

Description

The Secure flag is absent from the HTTP response header, so cookie information may be accessible over unencrypted connections, where it is susceptible to eavesdropping. This could enable a remote attacker to gain unauthorized access to protected information.

Recommendations

For ABB eSOMS versions 4.0 to 6.0.2, consider implementing HTTPS to encrypt connections and prevent eavesdropping. As a temporary workaround, restrict access to sensitive information until a patch is available. Ensure that all connections to ABB eSOMS use encrypted protocols to protect cookie information.
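
To verify the condition described above on a deployment, the following added example (not part of the original advisory and not ABB code) audits `Set-Cookie` response header values for a missing `Secure` attribute. The function names and the sample header values are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie header values for the Secure attribute.
# All header values below are constructed samples, not captured eSOMS traffic.

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_cookies(set_cookie_values):
    """Return the names of cookies that are set without the Secure attribute."""
    missing = []
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        # Only a real attribute counts; a cookie *named* "secure_..." does not.
        if "secure" not in attrs:
            missing.append(name)
    return missing

def harden(value):
    """Return the header value with Secure appended when it is missing."""
    _, attrs = parse_set_cookie(value)
    if "secure" in attrs:
        return value
    return value.rstrip("; ") + "; Secure"

SAMPLE_HEADERS = [  # constructed
    "SESSIONID=a1b2c3; Path=/; HttpOnly",
    "lang=en; Path=/; secure",
    "secure_pref=1; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/",
    "csrf=xyz; Path=/; Secure; HttpOnly; SameSite=Strict",
]

if __name__ == "__main__":
    for cookie in audit_cookies(SAMPLE_HEADERS):
        print(f"cookie {cookie!r} is set without the Secure attribute")
```

A cookie marked `Secure` is only sent by the browser over HTTPS, so the flag complements the HTTPS recommendation rather than replacing it.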

Fix

Weakness Enumeration

Missing Encryption of Sensitive Data

Related Identifiers

BDU:2023-03074
CVE-2019-19090

Affected Products

Abb Esoms