{"vulnerability": "cve-2019-1909", "sightings": [{"uuid": "373eb5ea-3949-4ced-94d2-125022b41c25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-19090", "type": "seen", "source": "https://t.me/cibsecurity/10968", "content": "ATENTION\u203c New - CVE-2019-19090\n\nFor ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header. Unencrypted connections might access the cookie information, thus making it susceptible to eavesdropping.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-04-03T01:28:08.000000Z"}, {"uuid": "e6434020-e96b-4098-9f8c-853b32739e60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-19097", "type": "seen", "source": "https://t.me/cibsecurity/10960", "content": "ATENTION\u203c New - CVE-2019-19097\n\nABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers. If a connection is enabled using such a cipher, an attacker might be able to eavesdrop and/or intercept the connection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-04-03T00:58:29.000000Z"}, {"uuid": "d6ac5b96-49d0-4026-b642-9ce04f31e407", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-19096", "type": "seen", "source": "https://t.me/cibsecurity/10961", "content": "ATENTION\u203c New - CVE-2019-19096\n\nThe Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text. If an attacker has file system access, this can potentially compromise the credentials' confidentiality.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-04-03T00:58:31.000000Z"}, {"uuid": "96ba270a-19ba-40ba-ac64-d85a91e6321d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-19095", "type": "seen", "source": "https://t.me/cibsecurity/10962", "content": "ATENTION\u203c New - CVE-2019-19095\n\nLack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-04-03T00:58:32.000000Z"}, {"uuid": "f2aaa940-b133-442a-b40f-ff8a7c9b33b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-19094", "type": "seen", "source": "https://t.me/cibsecurity/10963", "content": "ATENTION\u203c New - CVE-2019-19094\n\nLack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-04-03T00:58:33.000000Z"}, {"uuid": "a0ab9b0e-59f0-4fbe-a6e3-7c1229bcd823", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-19093", "type": "seen", "source": "https://t.me/cibsecurity/10964", "content": "ATENTION\u203c New - CVE-2019-19093\n\neSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-04-03T00:58:34.000000Z"}, {"uuid": "1fb1bd15-09db-4c9a-9db1-e84bd4a430c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-19092", "type": "seen", "source": "https://t.me/cibsecurity/10966", "content": "ATENTION\u203c New - CVE-2019-19092\n\nABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-04-03T01:28:06.000000Z"}, {"uuid": "5678fe68-475c-4863-b138-df38d7afce75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-19091", "type": "seen", "source": "https://t.me/cibsecurity/10967", "content": "ATENTION\u203c New - CVE-2019-19091\n\nFor ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application. An attacker might use this detail information to specifically craft the attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-04-03T01:28:07.000000Z"}, {"uuid": "da715e55-8c1b-4428-878c-9cced1a718c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1909", "type": "seen", "source": "https://t.me/cveNotify/275", "content": "\ud83d\udea8 #CVE-2019-1909\nA vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerabi... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1909\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2019-07-06T04:59:58.000000Z"}]}