Lucene search

MitreCVELIST:CVE-2019-11684

HistoryMay 09, 2019 - 12:00 a.m.

CVE-2019-11684 Improper Access Control in Bosch Video Recording Manager

2019-05-0900:00:00

mitre

www.cve.org

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.2%

JSON

Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM.

References

psirt.bosch.com/security-advisories/bosch-sa-804652.html

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.2%

JSON

Related for CVELIST:CVE-2019-11684