CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34656
https://notcve.org/view.php?id=CVE-2023-34656
29 Jun 2023 — An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communication Technology Video management system 3.1 thru 4.1 allows attackers to gain escalated privileges. • https://github.com/kangjinlong1/Kang.github.io/blob/main/README.md • CWE-384: Session Fixation •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2020-6785 – Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer
https://notcve.org/view.php?id=CVE-2020-6785
25 Mar 2021 — Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1. Cargar una DLL mediante un Elemento de Ruta de... • https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2019-11684 – Improper Access Control in Bosch Video Recording Manager
https://notcve.org/view.php?id=CVE-2019-11684
26 Feb 2021 — Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM.... • https://psirt.bosch.com/security-advisories/bosch-sa-804652.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.6EPSS: 1%CPEs: 19EXPL: 0CVE-2020-6768 – Path Traversal in Bosch Video Management System (BVMS)
https://notcve.org/view.php?id=CVE-2020-6768
07 Feb 2020 — A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is... • https://psirt.bosch.com/security-advisories/bosch-sa-815013-bt.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.7EPSS: 0%CPEs: 19EXPL: 0CVE-2020-6767 – Path Traversal in Bosch Video Management System (BVMS)
https://notcve.org/view.php?id=CVE-2020-6767
06 Feb 2020 — A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is ... • https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-sa-381489-bt_cve-2020-6767_securityadvisory_bvms_pathtraversal.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-8952
https://notcve.org/view.php?id=CVE-2019-8952
13 May 2019 — A Path Traversal vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote authorized user to access arbitrary files on the system via the network interface. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions:... • https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0402bt-cve-2019-8952_security_advisory_vrm_path_traversal.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2019-8951
https://notcve.org/view.php?id=CVE-2019-8951
13 May 2019 — An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected sof... • https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2019-0401bt-cve-2019-8951_security_advisory_vrm_open_redirect.pdf • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •