CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11897

A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.018

EPSS Ranking 75.4%

CVSS Severity

CVSS v3 Score 8.6

CVSS v2 Score 5.0

References

Products affected by CVE-2019-11897

Bosch » Iot Gateway Software » Version: N/A

cpe:2.3:a:bosch:iot_gateway_software:-
Bosch » Iot Gateway Software » Version: 9.0.0

cpe:2.3:a:bosch:iot_gateway_software:9.0.0
Bosch » Iot Gateway Software » Version: 9.0.1

cpe:2.3:a:bosch:iot_gateway_software:9.0.1
Bosch » Iot Gateway Software » Version: 9.0.2

cpe:2.3:a:bosch:iot_gateway_software:9.0.2
Bosch » Iot Gateway Software » Version: 9.0.3

cpe:2.3:a:bosch:iot_gateway_software:9.0.3
Bosch » Iot Gateway Software » Version: 9.0.4

cpe:2.3:a:bosch:iot_gateway_software:9.0.4
Bosch » Iot Gateway Software » Version: 9.1.0

cpe:2.3:a:bosch:iot_gateway_software:9.1.0
Bosch » Iot Gateway Software » Version: 9.1.1

cpe:2.3:a:bosch:iot_gateway_software:9.1.1
Bosch » Iot Gateway Software » Version: 9.2.0

cpe:2.3:a:bosch:iot_gateway_software:9.2.0
Bosch » Prosyst Mbs Sdk » Version: N/A

cpe:2.3:a:bosch:prosyst_mbs_sdk:-
Bosch » Prosyst Mbs Sdk » Version: 7.5

cpe:2.3:a:bosch:prosyst_mbs_sdk:7.5
Bosch » Prosyst Mbs Sdk » Version: 7.5.1

cpe:2.3:a:bosch:prosyst_mbs_sdk:7.5.1
Bosch » Prosyst Mbs Sdk » Version: 8.0

cpe:2.3:a:bosch:prosyst_mbs_sdk:8.0
Bosch » Prosyst Mbs Sdk » Version: 8.1

cpe:2.3:a:bosch:prosyst_mbs_sdk:8.1
Bosch » Prosyst Mbs Sdk » Version: 8.2.2

cpe:2.3:a:bosch:prosyst_mbs_sdk:8.2.2
Bosch » Prosyst Mbs Sdk » Version: 8.2.3

cpe:2.3:a:bosch:prosyst_mbs_sdk:8.2.3
Bosch » Prosyst Mbs Sdk » Version: 8.2.4

cpe:2.3:a:bosch:prosyst_mbs_sdk:8.2.4
Bosch » Prosyst Mbs Sdk » Version: 8.2.5

cpe:2.3:a:bosch:prosyst_mbs_sdk:8.2.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11897

Products

Pricing

Contact Us