Unauthenticated Viewstate Tampering Vulnerability in ABB eSOMS Versions 4.0 to 6.0.3

CVE-2019-19092 · LOW Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without a Message Authentication Code (MAC). Alterations to the Viewstate might therefore go unnoticed.
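As an added example (not ABB's code and not part of the advisory), the following Python check flags ASP.NET Web Forms settings that turn the ViewState MAC off: the `enableViewStateMac` attribute on `<pages>` in web.config and the `EnableViewStateMac` attribute of the `@ Page` directive. The sample files are constructed for illustration, and how eSOMS itself is configured is an assumption this page does not confirm.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from eSOMS or any real deployment).
WEAK_CONFIG = """<configuration>
  <system.web><pages enableViewStateMac="false" /></system.web>
  <location path="reports">
    <system.web><pages enableViewStateMac="false" /></system.web>
  </location>
</configuration>"""
SAFE_CONFIG = """<configuration>
  <system.web><pages enableViewStateMac="true" /></system.web>
</configuration>"""
WEAK_PAGE = '<%@ Page Language="C#" EnableViewStateMac="false" CodeBehind="Log.aspx.cs" %>'
SAFE_PAGE = '<%@ Page Language="C#" CodeBehind="Log.aspx.cs" %>'

# Matches an @ Page directive that sets EnableViewStateMac="false".
PAGE_DIRECTIVE = re.compile(
    r'<%@\s*Page\b[^%]*?\bEnableViewStateMac\s*=\s*"false"',
    re.IGNORECASE | re.DOTALL,
)

def audit_web_config(xml_text):
    """Return the path of every <pages> element that disables the ViewState MAC."""
    findings = []

    def walk(node, path):
        name = node.tag.rsplit("}", 1)[-1]  # drop an XML namespace, if any
        here = f"{path}/{name}"
        if name == "location":
            here += f"[@path='{node.get('path', '')}']"
        # The MAC is on by default, so only an explicit "false" is a finding.
        value = node.get("enableViewStateMac", "true").strip().lower()
        if name == "pages" and value == "false":
            findings.append(here)
        for child in node:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return findings

def page_disables_mac(aspx_text):
    """True when an @ Page directive sets EnableViewStateMac to false."""
    return PAGE_DIRECTIVE.search(aspx_text) is not None

if __name__ == "__main__":
    for finding in audit_web_config(WEAK_CONFIG):
        print("ViewState MAC disabled at", finding)
    print("Page directive disables MAC:", page_disables_mac(WEAK_PAGE))
```

A finding means ViewState posted back by the browser is accepted without an integrity check at that scope; removing the attribute or setting it to `true` restores the check.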