CVE-2019-19089

Summary

For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript.

Affected Software

VendorProductVersion RangeStatus
ABBeSOMS4.0 to 6.0.3affected

Weaknesses

  • CWE-16: CWE-16 Configuration

ADP Enrichment

CVE Program Container

Additional References

References