CVE-2019-19091

EPSS 0.23%
Veröffentlicht 02.04.2020 20:15:14
Zuletzt bearbeitet 21.11.2024 04:34:11
Quelle cybersecurity@ch.abb.com
CVE-Watchlists
Login
Unerledigt
Login

ABB eSOMS: HTTP response information leakage

For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hitachienergy ≫ Esoms Version >= 4.0 <= 6.0.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.453

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
cybersecurity@ch.abb.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-202 Exposure of Sensitive Information Through Data Queries

When trying to keep information confidential, an attacker can often infer some of the information by using statistics.

https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-19091

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-19091

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-19091

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-19091