Vulnerabilities > Bosch > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-16 | CVE-2020-6781 | Improper Certificate Validation vulnerability in Bosch Smart Home Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack. | 5.8 |
2020-02-07 | CVE-2020-6768 | Path Traversal vulnerability in Bosch products A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. | 5.0 |
2020-02-07 | CVE-2020-6769 | Missing Authentication for Critical Function vulnerability in Bosch products Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. | 6.4 |
2020-02-06 | CVE-2020-6767 | Path Traversal vulnerability in Bosch products A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. | 4.0 |
2019-09-12 | CVE-2019-11899 | Information Exposure vulnerability in Bosch Access 2.1/3.3/3.7 An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. | 4.0 |
2019-09-12 | CVE-2019-11898 | Use of Hard-coded Credentials vulnerability in Bosch Access 2.1/3.3/3.7 Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. | 6.5 |
2019-08-21 | CVE-2019-11603 | Path Traversal vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root. | 5.0 |
2019-08-21 | CVE-2019-11602 | Information Exposure Through an Error Message vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure. | 5.0 |
2019-08-21 | CVE-2019-11897 | Server-Side Request Forgery (SSRF) vulnerability in Bosch IOT Gateway Software and Prosyst MBS SDK A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. | 5.0 |
2019-05-29 | CVE-2019-11896 | Permission Issues vulnerability in Bosch Smart Home Controller Firmware A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. | 6.8 |