Vulnerabilities > Bosch > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-09 | CVE-2021-23854 | Cross-site Scripting vulnerability in Bosch products An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. | 4.3 |
| 2021-03-25 | CVE-2020-6790 | Uncontrolled Search Path Element vulnerability in Bosch Video Streaming Gateway Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system. | 6.9 |
| 2021-03-25 | CVE-2020-6789 | Uncontrolled Search Path Element vulnerability in Bosch Monitor Wall 10.00.0164 Loading a DLL through an Uncontrolled Search Path Element in the Bosch Monitor Wall installer up to and including version 10.00.0164 potentially allows an attacker to execute arbitrary code on a victim's system. | 6.9 |
| 2021-03-25 | CVE-2020-6788 | Uncontrolled Search Path Element vulnerability in Bosch Configuration Manager Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim's system. | 6.9 |
| 2021-03-25 | CVE-2020-6787 | Uncontrolled Search Path Element vulnerability in Bosch Video Client 1.7.6.079 Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim's system. | 6.9 |
| 2021-03-25 | CVE-2020-6786 | Uncontrolled Search Path Element vulnerability in Bosch Video Recording Manager Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Recording Manager installer up to and including version 3.82.0055 for 3.82, up to and including version 3.81.0064 for 3.81 and 3.71 and older potentially allows an attacker to execute arbitrary code on a victim's system. | 6.9 |
| 2021-03-25 | CVE-2020-6785 | Uncontrolled Search Path Element vulnerability in Bosch products Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. | 6.9 |
| 2021-03-25 | CVE-2020-6771 | Uncontrolled Search Path Element vulnerability in Bosch IP Helper 1.00.0008 Loading a DLL through an Uncontrolled Search Path Element in Bosch IP Helper up to and including version 1.00.0008 potentially allows an attacker to execute arbitrary code on a victim's system. | 6.9 |
| 2021-01-26 | CVE-2020-6780 | Use of Password Hash With Insufficient Computational Effort vulnerability in Bosch Fsm-2500 Firmware and Fsm-5000 Firmware Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash. | 4.0 |
| 2021-01-14 | CVE-2020-6776 | Cross-Site Request Forgery (CSRF) vulnerability in Bosch Praesensa Firmware and Praesideo Firmware A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (Cross-Site Request Forgery). | 6.8 |