Search criteria
4 vulnerabilities found for access by bosch
CVE-2019-11899 (GCVE-0-2019-11899)
Vulnerability from nvd – Published: 2019-09-12 18:30 – Updated: 2024-09-17 02:17
VLAI
Summary
An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator.
Severity
8.8 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://psirt.bosch.com/Advisory/BOSCH-SA-844044.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bosch | Access Professional Edition |
Affected:
unspecified , ≤ 3.7
(custom)
|
Date Public
2019-09-11 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:29.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.bosch.com/Advisory/BOSCH-SA-844044.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Professional Edition",
"vendor": "Bosch",
"versions": [
{
"lessThanOrEqual": "3.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Oleksii Orekhov"
}
],
"datePublic": "2019-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-12T18:30:58.000Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.bosch.com/Advisory/BOSCH-SA-844044.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@bosch.com",
"DATE_PUBLIC": "2019-09-11T00:00:00.000Z",
"ID": "CVE-2019-11899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Professional Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.7"
}
]
}
}
]
},
"vendor_name": "Bosch"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Oleksii Orekhov"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.bosch.com/Advisory/BOSCH-SA-844044.html",
"refsource": "CONFIRM",
"url": "https://psirt.bosch.com/Advisory/BOSCH-SA-844044.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2019-11899",
"datePublished": "2019-09-12T18:30:58.728Z",
"dateReserved": "2019-05-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:17:02.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11898 (GCVE-0-2019-11898)
Vulnerability from nvd – Published: 2019-09-12 18:23 – Updated: 2024-09-17 04:09
VLAI
Summary
Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8.
Severity
9.9 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://psirt.bosch.com/Advisory/BOSCH-SA-710832.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bosch | Access Professional Edition |
Affected:
unspecified , ≤ 3.7
(custom)
|
Date Public
2019-09-11 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:29.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.bosch.com/Advisory/BOSCH-SA-710832.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Professional Edition",
"vendor": "Bosch",
"versions": [
{
"lessThanOrEqual": "3.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Oleksii Orekhov"
}
],
"datePublic": "2019-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-12T18:23:21.000Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.bosch.com/Advisory/BOSCH-SA-710832.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@bosch.com",
"DATE_PUBLIC": "2019-09-11T00:00:00.000Z",
"ID": "CVE-2019-11898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Professional Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.7"
}
]
}
}
]
},
"vendor_name": "Bosch"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Oleksii Orekhov"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.bosch.com/Advisory/BOSCH-SA-710832.html",
"refsource": "CONFIRM",
"url": "https://psirt.bosch.com/Advisory/BOSCH-SA-710832.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2019-11898",
"datePublished": "2019-09-12T18:23:21.989Z",
"dateReserved": "2019-05-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:09:20.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11899 (GCVE-0-2019-11899)
Vulnerability from cvelistv5 – Published: 2019-09-12 18:30 – Updated: 2024-09-17 02:17
VLAI
Summary
An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator.
Severity
8.8 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://psirt.bosch.com/Advisory/BOSCH-SA-844044.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bosch | Access Professional Edition |
Affected:
unspecified , ≤ 3.7
(custom)
|
Date Public
2019-09-11 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:29.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.bosch.com/Advisory/BOSCH-SA-844044.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Professional Edition",
"vendor": "Bosch",
"versions": [
{
"lessThanOrEqual": "3.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Oleksii Orekhov"
}
],
"datePublic": "2019-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-12T18:30:58.000Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.bosch.com/Advisory/BOSCH-SA-844044.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@bosch.com",
"DATE_PUBLIC": "2019-09-11T00:00:00.000Z",
"ID": "CVE-2019-11899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Professional Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.7"
}
]
}
}
]
},
"vendor_name": "Bosch"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Oleksii Orekhov"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.bosch.com/Advisory/BOSCH-SA-844044.html",
"refsource": "CONFIRM",
"url": "https://psirt.bosch.com/Advisory/BOSCH-SA-844044.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2019-11899",
"datePublished": "2019-09-12T18:30:58.728Z",
"dateReserved": "2019-05-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:17:02.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11898 (GCVE-0-2019-11898)
Vulnerability from cvelistv5 – Published: 2019-09-12 18:23 – Updated: 2024-09-17 04:09
VLAI
Summary
Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8.
Severity
9.9 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://psirt.bosch.com/Advisory/BOSCH-SA-710832.html | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bosch | Access Professional Edition |
Affected:
unspecified , ≤ 3.7
(custom)
|
Date Public
2019-09-11 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:29.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.bosch.com/Advisory/BOSCH-SA-710832.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access Professional Edition",
"vendor": "Bosch",
"versions": [
{
"lessThanOrEqual": "3.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Oleksii Orekhov"
}
],
"datePublic": "2019-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-12T18:23:21.000Z",
"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"shortName": "bosch"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.bosch.com/Advisory/BOSCH-SA-710832.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@bosch.com",
"DATE_PUBLIC": "2019-09-11T00:00:00.000Z",
"ID": "CVE-2019-11898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access Professional Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.7"
}
]
}
}
]
},
"vendor_name": "Bosch"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Oleksii Orekhov"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthorized APE administration privileges can be achieved by reverse engineering one of the APE service tools. The service tool is discontinued with Bosch Access Professional Edition (APE) 3.8."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.bosch.com/Advisory/BOSCH-SA-710832.html",
"refsource": "CONFIRM",
"url": "https://psirt.bosch.com/Advisory/BOSCH-SA-710832.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c",
"assignerShortName": "bosch",
"cveId": "CVE-2019-11898",
"datePublished": "2019-09-12T18:23:21.989Z",
"dateReserved": "2019-05-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:09:20.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}