← volver
CVE-2019-11897

Server-side request forgery in the backup & restore functionality of ProSyst mBS SDK and Bosch IoT Gateway Software

CVSS 8.6 HIGHEPSS 1.8%CWE-918
A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Productos afectados
Bosch · IoT Gateway SoftwareProSyst · mBS SDK

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html