7 matches found
CVE-2020-6768
CVE-2020-6768 is a path-traversal vulnerability in Bosch Video Management System (BVMS) NoTouch deployment that allows an unauthenticated remote attacker to read arbitrary files from the Central Server. Affected are BVMS during versions 10.0.0.1225 and earlier (10.x, 9.x, 8.x, 7.5 and older), BVM...
CVE-2020-6767
CVE-2020-6767 describes a path traversal vulnerability in Bosch BVMS FileTransferService that allows an authenticated remote attacker to read arbitrary files from the Central Server. Affected software includes Bosch BVMS (versions 10.0.0.1225 and 9.0.0.827 and 8.0.329, plus 7.5 and older) and BVM...
CVE-2020-6785
This CVE (CVE-2020-6785) describes a code execution vulnerability in Bosch BVMS and BVMS Viewer via Loading a DLL through an Uncontrolled Search Path Element. Affected are BVMS versions 10.1.0, 10.0.1, 10.0.0, 9.0.0 and older, including BVMS installers and installed BVMS, plus related DIVAR IP pr...
CVE-2019-11684
The CVE-2019-11684 entry covers an improper access control flaw in the RCP+ server of the Bosch Video Recording Manager (VRM) component. It allows arbitrary, unauthenticated access to a limited subset of certificates stored by Windows. Affected products/versions include VRM v3.70.x, VRM v3.71 up ...
CVE-2019-8951
CVE-2019-8951 is an Open Redirect vulnerability in the Bosch webserver affecting multiple products. Affected hardware: DIVAR IP 2000 and 5000 with vulnerable firmware versions (DIVAR IP 2000: 3.10–3.62; fixed 3.62.0019+; DIVAR IP 5000: 3.10–3.62; fixed 3.80.0033+). Affected software: Video Record...
CVE-2019-8952
CVE-2019-8952 is a path-traversal vulnerability in Bosch webserver affecting multiple products: DIVAR IP 2000/5000, Video Recording Manager (VRM), and BVMS. A remote authorized user could access arbitrary files via the network interface. Vulnerable versions and fixed versions are detailed for eac...
CVE-2023-28175
CVE-2023-28175 concerns Bosch VMS, where the SSH server permits a remote authenticated user to access resources on the trusted internal network via a port forwarding request due to improper authorization. Affected products are Bosch VMS versions 11.0, 11.1.0, and 11.1.1. The CVE entry is corrobor...