Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for VRM Exporter by Bosch

    CVE-2021-23859 (GCVE-0-2021-23859)

    Vulnerability from nvd – Published: 2021-12-08 21:17 – Updated: 2024-09-16 19:45
    VLAI
    Title
    Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products
    Summary
    An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: unspecified , ≤ 9.0.0 (custom)
    Affected: 11.0 , < 11.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Create a notification for this product.
    Bosch DIVAR IP 7000 R2 Affected: all
    Create a notification for this product.
    Bosch DIVAR IP all-in-one 5000 Affected: all
    Create a notification for this product.
    Bosch DIVAR IP all-in-one 7000 Affected: all
    Create a notification for this product.
    Bosch VRM Affected: unspecified , ≤ 3.81 (custom)
    Affected: 4.0 , ≤ 4.00.0070 (custom)
    Affected: 3.83 , ≤ 3.83.0021 (custom)
    Affected: 3.82 , ≤ 3.82.0057 (custom)
    Create a notification for this product.
    Bosch VRM Exporter Affected: 2.1 , ≤ 2.10.0008 (custom)
    Create a notification for this product.
    Bosch APE Affected: unspecified , ≤ 3.8.x.x (custom)
    Create a notification for this product.
    Bosch AEC Affected: unspecified , ≤ 2.9.1.x (custom)
    Create a notification for this product.
    Bosch BIS Affected: unspecified , ≤ 4.9 (custom)
    Affected: unspecified , ≤ 4.8 (custom)
    Affected: unspecified , ≤ 4.7 (custom)
    Create a notification for this product.
    Date Public
    2021-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:09.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "VRM",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.81",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.00.0070",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.83.0021",
                  "status": "affected",
                  "version": "3.83",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.82.0057",
                  "status": "affected",
                  "version": "3.82",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VRM Exporter",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "2.10.0008",
                  "status": "affected",
                  "version": "2.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "APE",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.8.x.x",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "AEC",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "2.9.1.x",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "BIS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "4.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-703",
                  "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-08T21:17:23.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
            }
          ],
          "source": {
            "advisory": "BOSCH-SA-043434-BT",
            "discovery": "EXTERNAL"
          },
          "title": "Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "DATE_PUBLIC": "2021-12-08",
              "ID": "CVE-2021-23859",
              "STATE": "PUBLIC",
              "TITLE": "Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "11.0",
                                "version_value": "11.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP 7000 R2",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 5000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 7000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "4.0",
                                "version_value": "4.00.0070"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.83",
                                "version_value": "3.83.0021"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.82",
                                "version_value": "3.82.0057"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.81"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM Exporter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.1",
                                "version_value": "2.10.0008"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "APE",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.8.x.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "AEC",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.9.1.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.9"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.8"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-703 Improper Check or Handling of Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
                }
              ]
            },
            "source": {
              "advisory": "BOSCH-SA-043434-BT",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2021-23859",
        "datePublished": "2021-12-08T21:17:23.528Z",
        "dateReserved": "2021-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:45:43.543Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23859 (GCVE-0-2021-23859)

    Vulnerability from cvelistv5 – Published: 2021-12-08 21:17 – Updated: 2024-09-16 19:45
    VLAI
    Title
    Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products
    Summary
    An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859
    CWE
    • CWE-703 - Improper Check or Handling of Exceptional Conditions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bosch BVMS Affected: unspecified , ≤ 9.0.0 (custom)
    Affected: 11.0 , < 11.0.0 (custom)
    Affected: 10.0 , < 10.0.2 (custom)
    Affected: 10.1 , < 10.1.1 (custom)
    Create a notification for this product.
    Bosch DIVAR IP 7000 R2 Affected: all
    Create a notification for this product.
    Bosch DIVAR IP all-in-one 5000 Affected: all
    Create a notification for this product.
    Bosch DIVAR IP all-in-one 7000 Affected: all
    Create a notification for this product.
    Bosch VRM Affected: unspecified , ≤ 3.81 (custom)
    Affected: 4.0 , ≤ 4.00.0070 (custom)
    Affected: 3.83 , ≤ 3.83.0021 (custom)
    Affected: 3.82 , ≤ 3.82.0057 (custom)
    Create a notification for this product.
    Bosch VRM Exporter Affected: 2.1 , ≤ 2.10.0008 (custom)
    Create a notification for this product.
    Bosch APE Affected: unspecified , ≤ 3.8.x.x (custom)
    Create a notification for this product.
    Bosch AEC Affected: unspecified , ≤ 2.9.1.x (custom)
    Create a notification for this product.
    Bosch BIS Affected: unspecified , ≤ 4.9 (custom)
    Affected: unspecified , ≤ 4.8 (custom)
    Affected: unspecified , ≤ 4.7 (custom)
    Create a notification for this product.
    Date Public
    2021-12-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:14:09.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BVMS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "9.0.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.0.0",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.0.2",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "10.1.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DIVAR IP 7000 R2",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 5000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "DIVAR IP all-in-one 7000",
              "vendor": "Bosch",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            },
            {
              "product": "VRM",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.81",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.00.0070",
                  "status": "affected",
                  "version": "4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.83.0021",
                  "status": "affected",
                  "version": "3.83",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "3.82.0057",
                  "status": "affected",
                  "version": "3.82",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VRM Exporter",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "2.10.0008",
                  "status": "affected",
                  "version": "2.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "APE",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "3.8.x.x",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "AEC",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "2.9.1.x",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "BIS",
              "vendor": "Bosch",
              "versions": [
                {
                  "lessThanOrEqual": "4.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "4.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-12-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-703",
                  "description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-08T21:17:23.000Z",
            "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
            "shortName": "bosch"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
            }
          ],
          "source": {
            "advisory": "BOSCH-SA-043434-BT",
            "discovery": "EXTERNAL"
          },
          "title": "Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@bosch.com",
              "DATE_PUBLIC": "2021-12-08",
              "ID": "CVE-2021-23859",
              "STATE": "PUBLIC",
              "TITLE": "Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BVMS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "11.0",
                                "version_value": "11.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.0",
                                "version_value": "10.0.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "10.1",
                                "version_value": "10.1.1"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "9.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP 7000 R2",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 5000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "DIVAR IP all-in-one 7000",
                          "version": {
                            "version_data": [
                              {
                                "configuration": "using vulnerable BVMS or VRM version",
                                "version_affected": "=",
                                "version_value": "all"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "4.0",
                                "version_value": "4.00.0070"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.83",
                                "version_value": "3.83.0021"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "3.82",
                                "version_value": "3.82.0057"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.81"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VRM Exporter",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.1",
                                "version_value": "2.10.0008"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "APE",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "3.8.x.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "AEC",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.9.1.x"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BIS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.9"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.8"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_value": "4.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bosch"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859"
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-703 Improper Check or Handling of Exceptional Conditions"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html",
                  "refsource": "CONFIRM",
                  "url": "https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html"
                }
              ]
            },
            "source": {
              "advisory": "BOSCH-SA-043434-BT",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
        "assignerShortName": "bosch",
        "cveId": "CVE-2021-23859",
        "datePublished": "2021-12-08T21:17:23.528Z",
        "dateReserved": "2021-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:45:43.543Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }