EUVD-2021-10788

Malware in sbrugna...

EUVD-2021-10787

Malware in sbrugna...

CVE-2021-23860

An error in a page handler of the VRM may lead to a reflected cross site scripting XSS in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...

CVE-2021-23862

A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder VJD-7513 and VJD-8000...

CVE-2021-23862

A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder VJD-7513 and VJD-8000...

CVE-2021-23861

By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...

CVE-2021-23861

By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...

CVE-2021-23860

An error in a page handler of the VRM may lead to a reflected cross site scripting XSS in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...

Cross site scripting

An error in a page handler of the VRM may lead to a reflected cross site scripting XSS in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...

Design/Logic Flaw

A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder VJD-7513 and VJD-8000...

Design/Logic Flaw

By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...

CVE-2021-23862 Authenticated Remote Code Execution

A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder VJD-7513 and VJD-8000...

CVE-2021-23862

CVE-2021-23862 describes an authenticated command-injection flaw: a crafted configuration packet sent by an authenticated administrative user can execute arbitrary commands in the system context. Affected products include Bosch VRM, DIVAR IP, BVMS with VRM installed, and the VIDEOJET decoder (VJD...

CVE-2021-23861

CVE-2021-23861 affects Bosch VRM and related BVMS/DIVAR IP deployments with VRM installed. The issue allows an administrative user to execute a command that grants access to extended debug functionality, potentially impacting integrity and availability of the installed software. Affected products...

CVE-2021-23861 Possible Access to Debug Functions in Bosch VRM / BVMS

By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...

CVE-2021-23860

CVE-2021-23860 describes a reflected XSS in Bosch VRM/web interfaces due to an error in a page handler that allows an attacker to modify the HTTP header to exploit the vulnerability. The issue also affects DIVAR IP and BVMS with VRM installed. Publicly available details identify the affected comp...

CVE-2021-23860 Reflected Cross Site Scripting (XSS) vulnerability in Bosch VRM / BVMS

An error in a page handler of the VRM may lead to a reflected cross site scripting XSS in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...

Bosch 多款产品跨站脚本漏洞

Bosch Access Professional Edition is an enterprise access control and security management solution.BOSCH VRM is an application software.Bosch BVMS is an application system. BOSCH VRM is an application software.Bosch BVMS is an application system.Bosch Access Easy Controller Bosch Aec is an...

PT-2021-15575 · Bosch · Vrm +3

Name of the Vulnerable Software and Affected Versions: BVMS with VRM installed versions affected versions not specified DIVAR IP versions affected versions not specified VIDEOJET decoder versions affected versions not specified VRM versions affected versions not specified Description: A crafted...

PT-2021-15574 · Bvms +2 · Bvms +2

Name of the Vulnerable Software and Affected Versions: VRM affected versions not specified DIVAR IP with VRM installed affected versions not specified BVMS with VRM installed affected versions not specified Description: The issue allows an user with administrative rights to access extended debug...