Hard-coded Credentials in Access Professional Edition 3.7 downwards (CVE-2019-11898)

Published

2019-09-11 00:00:00 UTC

Summary

BOSCH-SA-710832-BT: A recently discovered security vulnerability affects Access Professional Edition (APE) installations of version 3.7 and earlier. The vulnerability enables unauthorized access to sensitive data of the APE system. Where a software update is not possible, reducing the system’s network exposure is advised. Internet-accessible installations should be firewalled, and additional measures such as network isolation by VLAN, the IP filtering features of the devices and other technologies should be used to decrease the exposure of vulnerable systems. In addition, the SMB service should be configured according to Microsoft’s latest security recommendations. The vulnerability was discovered and disclosed to Bosch in a coordinated manner by the external researcher Oleksii Orekhov.