ID CVE-2019-11899
Summary An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator.
References
Vulnerable Configurations
  • cpe:2.3:a:bosch:access:-:*:*:*:professional:*:*:*
    cpe:2.3:a:bosch:access:-:*:*:*:professional:*:*:*
  • cpe:2.3:a:bosch:access:2.1:*:*:*:professional:*:*:*
    cpe:2.3:a:bosch:access:2.1:*:*:*:professional:*:*:*
  • cpe:2.3:a:bosch:access:3.3:*:*:*:professional:*:*:*
    cpe:2.3:a:bosch:access:3.3:*:*:*:professional:*:*:*
  • cpe:2.3:a:bosch:access:3.7:*:*:*:professional:*:*:*
    cpe:2.3:a:bosch:access:3.7:*:*:*:professional:*:*:*
CVSS
Base: 4.0 (as of 08-10-2020 - 14:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
confirm https://psirt.bosch.com/Advisory/BOSCH-SA-844044.html
Last major update 08-10-2020 - 14:45
Published 12-09-2019 - 19:15
Last modified 08-10-2020 - 14:45
Back to Top