nvd
NVD:CVE-2019-11684
History: Feb 26, 2021 - 4:15 p.m.

CVE-2019-11684

2021-02-26 16:15:12
CWE-306
web.nvd.nist.gov
4
bosch vrm
access control
rcp+ server
unauthenticated access
windows os
vulnerability

CVSS2: 10

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.002
Percentile: 55.1%

Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM.

Affected configurations

Nvd

Node
bosch | video_recording_manager | Range | 3.70 | 3.71.0034
OR
bosch | video_recording_manager | Range | 3.81 | 3.81.0050

Node
bosch | divar_ip_5000 | Match | -
AND
bosch | divar_ip_5000_firmware | Range | 3.80 | 3.80.0039

Node
bosch | video_management_system | Match | 3.70.0056
OR
bosch | video_management_system | Match | 3.70.0058
OR
bosch | video_management_system | Match | 3.70.0060
OR
bosch | video_management_system | Match | 3.70.0062
OR
bosch | video_management_system | Match | 3.71.0022
OR
bosch | video_management_system | Match | 3.71.0029
OR
bosch | video_management_system | Match | 3.71.0031
OR
bosch | video_management_system | Match | 3.71.0032
OR
bosch | video_management_system | Match | 3.81.0032
OR
bosch | video_management_system | Match | 3.81.0038
OR
bosch | video_management_system | Match | 3.81.0048

Vendor | Product | Version | CPE
bosch | video_recording_manager | * | cpe:2.3:a:bosch:video_recording_manager:*:*:*:*:*:*:*:*
bosch | divar_ip_5000 | - | cpe:2.3:h:bosch:divar_ip_5000:-:*:*:*:*:*:*:*
bosch | divar_ip_5000_firmware | * | cpe:2.3:o:bosch:divar_ip_5000_firmware:*:*:*:*:*:*:*:*
bosch | video_management_system | 3.70.0056 | cpe:2.3:a:bosch:video_management_system:3.70.0056:*:*:*:*:*:*:*
bosch | video_management_system | 3.70.0058 | cpe:2.3:a:bosch:video_management_system:3.70.0058:*:*:*:*:*:*:*
bosch | video_management_system | 3.70.0060 | cpe:2.3:a:bosch:video_management_system:3.70.0060:*:*:*:*:*:*:*
bosch | video_management_system | 3.70.0062 | cpe:2.3:a:bosch:video_management_system:3.70.0062:*:*:*:*:*:*:*
bosch | video_management_system | 3.71.0022 | cpe:2.3:a:bosch:video_management_system:3.71.0022:*:*:*:*:*:*:*
bosch | video_management_system | 3.71.0029 | cpe:2.3:a:bosch:video_management_system:3.71.0029:*:*:*:*:*:*:*
bosch | video_management_system | 3.71.0031 | cpe:2.3:a:bosch:video_management_system:3.71.0031:*:*:*:*:*:*:*
