For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: ABB
Published: 2020-04-02T19:46:36
Updated: 2024-08-05T02:09:39.266Z
Reserved: 2019-11-18T00:00:00
Link: CVE-2019-19089
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-04-02T20:15:14.423
Modified: 2023-05-16T20:21:29.777
Link: CVE-2019-19089
Redhat
No data.