CVE-2019-19089

Name of the Vulnerable Software and Affected Versions ABB eSOMS versions 4.0 to 6.0.3

Description The issue is related to the missing X-Content-Type-Options Header in the HTTP response, which could lead to the response body being interpreted as a different content type than declared. This might result in unauthorized code execution via text interpreted as JavaScript. A possible attack scenario involves remote execution of arbitrary code.

Recommendations For ABB eSOMS versions 4.0 to 6.0.3, consider implementing the X-Content-Type-Options Header in the HTTP response to prevent the response body from being misinterpreted. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.