← voltar
CVE-2019-11897

Server-side request forgery in the backup & restore functionality of ProSyst mBS SDK and Bosch IoT Gateway Software

CVSS 8.6 HIGHEPSS 1.8%CWE-918
A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Produtos afetados
Bosch · IoT Gateway SoftwareProSyst · mBS SDK

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html