A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server.
References
Link | Resource |
---|---|
https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2019-08-21 11:15
Updated : 2019-10-09 16:45
NVD link : CVE-2019-11897
Mitre link : CVE-2019-11897
JSON object : View
CWE
CWE-918
Server-Side Request Forgery (SSRF)
Products Affected
bosch
- prosyst_mbs_sdk
- iot_gateway_software