PT-2019-12554 · Prosyst+1 · Prosyst Mbs Sdk+1
Philip Kazmeier · Published 2019-08-21 · Updated 2019-10-09 · CVE-2019-11897
CVSS v3.1: 8.6 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ProSyst mBS SDK versions prior to 8.2.6
Bosch IoT Gateway Software versions prior to 9.3.0
Description
A Server-Side Request Forgery (SSRF) issue in the backup and restore functionality allows a remote attacker to forge GET requests to arbitrary URLs. This could potentially enable an attacker to read sensitive zip files from the local server.
Recommendations
For ProSyst mBS SDK versions prior to 8.2.6, update to version 8.2.6 or later to resolve the issue.
For Bosch IoT Gateway Software versions prior to 9.3.0, update to version 9.3.0 or later to resolve the issue.
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Bosch Iot Gateway
Prosyst Mbs Sdk