Path Traversal in Bosch Video Management System


2020-01-29 00:00:00 UTC


BOSCH-SA-381489-BT: A path traversal vulnerability exists in the BVMS. An authenticated BVMS user can successfully request and fetch arbitrary files from the Central Server machine using the FileTransferService. Bosch rates this vulnerability with a CVSS v3.1 Base Score of 7.7 (High) and strongly recommends customers to update vulnerable components with fixed software versions. The vulnerability was discovered during internal product tests.