CVE-2019-8951
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.70.0056 and newer; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; fixed versions: 7.5; 3.70.0056).
Una vulnerabilidad de redirección abierta en el servidor web afecta a varios productos de hardware y software de Bosch. La vulnerabilidad permite potencialmente que un atacante remoto redirija a los usuarios a una URL arbitraria. Productos de hardware afectados: Bosch DIVAR IP 2000 (versiones vulnerables: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; versiones que corrigen el fallo: 3.62.0019 y posteriores), Bosch DIVAR IP 5000 (versiones vulnerables: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; versiones que corrigen el fallo: 3.80.0033 y posteriores). Productos de software afectados: Video Recording Manager (VRM) (versiones vulnerables: 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; versiones que corrigen el fallo: 3.70.0056 y posteriores; 3.81.0032 y posteriores), Bosch Video Management System (BVMS) (versiones vulnerables: 3.50.00XX; 3.55.00XX; 3.60.00XX; versiones que corrigen el fallo: 7.5; 3.70.0056).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-02-20 CVE Reserved
- 2019-05-13 CVE Published
- 2024-05-06 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bosch Search vendor "Bosch" | Divar Ip 2000 Firmware Search vendor "Bosch" for product "Divar Ip 2000 Firmware" | < 3.62.0019 Search vendor "Bosch" for product "Divar Ip 2000 Firmware" and version " < 3.62.0019" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 2000 Search vendor "Bosch" for product "Divar Ip 2000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Divar Ip 5000 Firmware Search vendor "Bosch" for product "Divar Ip 5000 Firmware" | < 3.80.0033 Search vendor "Bosch" for product "Divar Ip 5000 Firmware" and version " < 3.80.0033" | - |
Affected
| in | Bosch Search vendor "Bosch" | Divar Ip 5000 Search vendor "Bosch" for product "Divar Ip 5000" | - | - |
Safe
|
| Bosch Search vendor "Bosch" | Video Management System Search vendor "Bosch" for product "Video Management System" | < 3.71.0056 Search vendor "Bosch" for product "Video Management System" and version " < 3.71.0056" | - |
Affected
| ||||||
| Bosch Search vendor "Bosch" | Video Recording Manager Search vendor "Bosch" for product "Video Recording Manager" | < 3.70.0056 Search vendor "Bosch" for product "Video Recording Manager" and version " < 3.70.0056" | - |
Affected
| ||||||
| Bosch Search vendor "Bosch" | Video Recording Manager Search vendor "Bosch" for product "Video Recording Manager" | >= 3.81 < 3.81.0032 Search vendor "Bosch" for product "Video Recording Manager" and version " >= 3.81 < 3.81.0032" | - |
Affected
| ||||||