Vulnerabilities > Bosch > Prosyst MBS SDK > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-21 CVE-2019-11603 Path Traversal vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK
A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root.
network
low complexity
bosch CWE-22
5.0
2019-08-21 CVE-2019-11602 Information Exposure Through an Error Message vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK
Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.
network
low complexity
bosch CWE-209
5.0
2019-08-21 CVE-2019-11897 Server-Side Request Forgery (SSRF) vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK
A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs.
network
low complexity
bosch CWE-918
5.0