PT-2019-12554 · Prosyst+1 · Prosyst Mbs Sdk+1
Philip Kazmeier · Published 2019-08-21 · Updated 2019-10-09 · CVE-2019-11897
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ProSyst mBS SDK versions prior to 8.2.6
Bosch IoT Gateway Software versions prior to 9.3.0
Description
A Server-Side Request Forgery (SSRF) issue in the backup and restore functionality allows a remote attacker to forge GET requests to arbitrary URLs. This could potentially enable an attacker to read sensitive zip files from the local server.
Recommendations
For ProSyst mBS SDK versions prior to 8.2.6, update to version 8.2.6 or later to resolve the issue.
For Bosch IoT Gateway Software versions prior to 9.3.0, update to version 9.3.0 or later to resolve the issue.
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Bosch Iot Gateway
Prosyst Mbs Sdk