Vulnerabilities > Bosch
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-12 | CVE-2019-11899 | Information Exposure vulnerability in Bosch Access 2.1/3.3/3.7 An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. | 4.0 |
| 2019-09-12 | CVE-2019-11898 | Use of Hard-coded Credentials vulnerability in Bosch Access 2.1/3.3/3.7 Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. | 6.5 |
| 2019-08-21 | CVE-2019-11603 | Path Traversal vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root. | 5.0 |
| 2019-08-21 | CVE-2019-11602 | Information Exposure Through an Error Message vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure. | 5.0 |
| 2019-08-21 | CVE-2019-11601 | Path Traversal vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location. | 7.5 |
| 2019-08-21 | CVE-2019-11897 | Server-Side Request Forgery (SSRF) vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. | 5.0 |
| 2019-05-29 | CVE-2019-11896 | Permission Issues vulnerability in Bosch Smart Home Controller Firmware A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. | 6.8 |
| 2019-05-29 | CVE-2019-11895 | Improper Access Control vulnerability in Bosch Smart Home Controller Firmware A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. | 7.1 |
| 2019-05-29 | CVE-2019-11894 | Improper Access Control vulnerability in Bosch Smart Home Controller Firmware A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. | 2.9 |
| 2019-05-29 | CVE-2019-11893 | Permission Issues vulnerability in Bosch Smart Home Controller Firmware A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. | 4.9 |