Main Vulnerability Database Vulnerabilities #VU26064

#VU26064 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in eSOMS - CVE-2019-19090

Published: March 13, 2020

Vulnerability identifier: #VU26064

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-19090

CWE-ID:

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
eSOMS

Software vendor:
ABB

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists due to the affected software does not set the secure attribute on authorization tokens or session cookies. A remote authenticated attacker can intercept the transmission and obtain information from the cookie in clear text.

Remediation

Install updates from vendor's website.

External links

https://ics-cert.us-cert.gov/advisories/icsa-20-072-01
https://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A9964&LanguageCode=en&DocumentPartId=&Action=Launch