CVE-2019-11684

Name of the Vulnerable Software and Affected Versions Bosch Video Recording Manager (VRM) versions 3.70.x through 3.71.0033 Bosch Video Recording Manager (VRM) versions 3.71.0034 through 3.80.0038 are not affected, however versions 3.81 through 3.81.0049 DIVAR IP 5000 versions 3.80 through 3.80.0038 BVMS versions using VRM (affected versions not specified)

Description The issue is related to improper access control in the RCP+ server, allowing arbitrary and unauthenticated access to a limited subset of certificates stored in the Microsoft Windows operating system. The fixed versions implement modified authentication checks.

Recommendations For Bosch Video Recording Manager (VRM) versions 3.70.x through 3.71.0033, update to version 3.71.0034 or later. For Bosch Video Recording Manager (VRM) versions 3.81 through 3.81.0049, update to version 3.81.0050 or later. For DIVAR IP 5000 versions 3.80 through 3.80.0038, update to version 3.80.0039 or later. For BVMS using VRM, ensure the underlying VRM version is updated to a fixed version.