Path Traversal in Bosch Video Management System

Published

2020-01-29 00:00:00 UTC

Summary

BOSCH-SA-381489-BT: A path traversal vulnerability exists in the Bosch Video Management System (BVMS). An authenticated BVMS user can request and fetch arbitrary files from the Central Server machine using the FileTransferService. Bosch rates this vulnerability with a CVSS v3.1 Base Score of 7.7 (High) and strongly recommends that customers update vulnerable components to fixed software versions. The vulnerability was discovered during internal product tests.