CVE-2019-11897

A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bosch:iot_gateway_software:*:*:*:*:*:*:*:*
cpe:2.3:a:bosch:prosyst_mbs_sdk:*:*:*:*:*:*:*:*

Information

Published : 2019-08-21 11:15

Updated : 2019-10-09 16:45


NVD link : CVE-2019-11897

Mitre link : CVE-2019-11897


JSON object : View

CWE
CWE-918

Server-Side Request Forgery (SSRF)

Advertisement

dedicated server usa

Products Affected

bosch

  • prosyst_mbs_sdk
  • iot_gateway_software