Security Advisories
Below listed Security Advisories (SA) inform you about identified security vulnerabilities in our product or service and proposed solutions. As we take your overall system security very seriously, we provide in addition Security Information (SI), covering potential effects caused by third-party vulnerabilities.
2020
| Type | ID | Assigned CVE IDs | Title | CVSS* Score | Products | Date | Download (Link to pdf) |
|---|---|---|---|---|---|---|---|
| Type SA | ID BOSCH-SA-381489-BT | Assigned CVE IDs CVE-2020-6767 | Title Path Traversal BVMS Vulnerability | CVSS* Score 7.7 | Products DIVAR IP 3000, DIVAR IP 7000, DIVAR IP all-in-one 5000, BVMS 10.0 and older, BVMS Viewer 10.0 and older | Date 2020-01-29 | Download (Link to pdf) |
| Type SA | ID BOSCH-SA-815013-BT | Assigned CVE IDs CVE-2020-6768 | Title NoTouch deployment service BVMS Vulnerability | CVSS* Score 8.6 | Products DIVAR IP 3000, DIVAR IP 7000, DIVAR IP all-in-one 5000, BVMS 10.0 and older, BVMS Viewer 10.0 and older | Date 2020-01-29 | Download (Link to pdf) |
| Type SA | ID BOSCH-SA-260625-BT | Assigned CVE IDs CVE-2020-6769 | Title Missing Authentication for Critical Function Video Streaming Gateway Vulnerability | CVSS* Score 10.0 | Products DIVAR IP 3000, DIVAR IP 7000, DIVAR IP all-in-one 5000, DIVAR IP 2000, DIVAR IP 5000, Bosch Video Streaming Gateway (VSG) 6.45 and older | Date 2020-01-29 | Download (Link to pdf) |
| Type SA | ID BOSCH-SA-885551-BT | Assigned CVE IDs CVE-2020-6770 | Title Deserialization of Untrusted Data - BVMS Mobile Video Service Vulnerability | CVSS* Score 10.0 | Products DIVAR IP 3000, DIVAR IP 7000, BVMS 10.0 and older | Date 2020-01-29 | Download (Link to pdf) |
2019
| Type | ID | Version | Title | CVSS* Score | Products | Date | Download (Link to pdf) |
|---|---|---|---|---|---|---|---|
| Type SA | ID BOSCH-SA-710832-BT CVE-2019-11898 | Version 1.0 | Title Unauthorized access to sensitive data by reverse engineering one of the APE service tools | CVSS* Score 9.9 | Products Access Professional Edition (APE) 3.7 downwards | Date 2019-09-11 | Download (Link to pdf) |
| Type SA | ID BOSCH-SA-844044-BT CVE-2019-11899 | Version 1.0 | Title Unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation | CVSS* Score 8.8 | Products Access Professional Edition (APE) 3.7 downwards | Date 2019-09-11 | Download (Link to pdf) |
| Type SI | ID BOSCH-SI-2019-0903BT CVE-2019-1181/1182 | Version 1.0 | Title Windows Remote Desktop Services (RDP) Remote Code Execution | CVSS* Score 9.8 | Products DIVAR IP, HP Workstation, HP Server DL380, UGM 2040 plus, VIDEOJET | Date 2019-09-03 | Download (Link to pdf) |
| Type SI | ID BOSCH-SI-2019-0612BT CVE-2019-0708 | Version 1.0 | Title Windows Remote Desktop Services (RDP) Remote Code Execution | CVSS* Score 9.8 | Products DIVAR IP, HP Workstation, HP Server DL380, VIDEOJET | Date 2019-06-12 | Download (Link to pdf) |
| Type SA | ID BOSCH-SA-804652-BT CVE-2019-11684 | Version 1.01 | Title Unauthenticated Certificate Access | CVSS* Score 9.9 | Products Video Recording Manager, DIVAR IP 5000, Bosch Video Management System | Date 2019-05-22 | Download (Link to pdf) |
| Type SA | ID BOSCH-2019-0403BT CVE-2019-6957 | Version 1.00 | Title Software Buffer Overflow | CVSS* Score 9.8 | Products Bosch Video Management System, DIVAR IP, Video Recording Manager, Video Streaming Gateway, Configuration Manager, Building Integration System with Video Engine, Access Professional Edition, Access Easy Controller, Bosch Video Client, Video SDK | Date 2019-04-03 | Download (Link to pdf) |
| Type SA | ID BOSCH-2019-0404BT CVE-2019-6958 | Version 1.00 | Title Improper Access Control | CVSS* Score 9.8 | Products Bosch Video Management System, DIVAR IP, Configuration Manager, Building Integration System with Video Engine, Access Professional Edition, Access Easy Controller, Bosch Video Client, Video SDK | Date 2019-04-03 | Download (Link to pdf) |
| Type SA | ID BOSCH-2019-0401BT CVE-2019-8951 | Version 1.00 | Title Open Redirect | CVSS* Score 6.1 | Products Video Recording Manager | Date 2019-04-03 | Download (Link to pdf) |
| Type SA | ID BOSCH-2019-0402BT CVE-2019-8952 | Version 1.00 | Title Path Traversal | CVSS* Score 4.9 | Products Video Recording Manager | Date 2019-04-03 | Download (Link to pdf) |
| Type SA | ID BOSCH‑2018‑1201 | Version 1.02 | Title Security Advisory Access Easy Controller 2.1 | CVSS* Score 6.5 | Products Access Easy Controller 2.1 | Date 2019‑02‑28 | Download (Link to pdf) |
| Type SA | ID BOSCH‑2019‑0101‑BT | Version 1.1 | Title DIVAR 400 & 600 series Vulnerability | CVSS* Score 10 | Products DIVAR 400 & 600 series Vulnerability | Date 2019‑01‑09 | Download (Link to pdf) |
2018
| Type | ID | Version | Title | CVSS* Score | Products | Date | Download (Link to pdf) |
|---|---|---|---|---|---|---|---|
| Type SA | ID CVE-2018-19036 BOSCH‑2018‑1202‑BT | Version 1.04 | Title IP Camera Vulnerability | CVSS* Score 9.4 | Products Bosch IP Cameras | Date 2018‑12‑12 | Download (Link to pdf) |