Sign-up

ID

VAR-201908-1879


CVE

CVE-2019-11603


TITLE

ProSyst mBS SDK and Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008626

DESCRIPTION

A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root. Windows for Valve Steam Client Contains a path traversal vulnerability.Information may be obtained. ProSyst Softoware mBS SDK is a software development kit for OSGi application development by German ProSyst Softoware company. Bosch IoT Gateway Software is a set of OSGi-based IoT gateway software from German company Bosch. The vulnerability stems from a network system or product's failure to properly filter special elements in a resource or file path. An attacker could use this vulnerability to access locations outside the restricted directory

Trust: 2.25

sources: NVD: CVE-2019-11603 // JVNDB: JVNDB-2019-008626 // CNNVD: CNNVD-201908-1731 // VULHUB: VHN-143266

IOT TAXONOMY

category:['network device']sub_category:gateway

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:boschmodel:prosyst mbs sdkscope:ltversion:8.2.6

Trust: 1.0

vendor:boschmodel:iot gateway softwarescope:ltversion:9.0.2

Trust: 1.0

vendor:robert boschmodel:iot gateway softwarescope:eqversion:9.0.2

Trust: 0.8

vendor:robert boschmodel:prosyst mbs sdkscope:eqversion:8.2.6

Trust: 0.8

sources: JVNDB: JVNDB-2019-008626 // NVD: CVE-2019-11603

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11603
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2019-11603
value: HIGH

Trust: 1.0

NVD: CVE-2019-11603
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-1731
value: HIGH

Trust: 0.6

VULHUB: VHN-143266
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11603
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-143266
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11603
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-143266 // JVNDB: JVNDB-2019-008626 // CNNVD: CNNVD-201908-1731 // NVD: CVE-2019-11603 // NVD: CVE-2019-11603

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-143266 // JVNDB: JVNDB-2019-008626 // NVD: CVE-2019-11603

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1731

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201908-1731

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008626

PATCH
title:BOSCH-SA-562575url:https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html
Trust: 0.8
title:ProSyst Softoware mBS SDK  and Bosch IoT Gateway Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97319
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-008626 // 
            
            
            
            CNNVD: CNNVD-201908-1731

EXTERNAL IDS
db:NVDid:CVE-2019-11603
Trust: 2.6
db:JVNDBid:JVNDB-2019-008626
Trust: 0.8
db:CNNVDid:CNNVD-201908-1731
Trust: 0.7
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-143266
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-143266 // 
            
            
            
            JVNDB: JVNDB-2019-008626 // 
            
            
            
            CNNVD: CNNVD-201908-1731 // 
            
            
            
            NVD: CVE-2019-11603

REFERENCES
url:https://psirt.bosch.com/advisory/bosch-sa-562575.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-11603
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11603
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-143266 // 
            
            
            
            JVNDB: JVNDB-2019-008626 // 
            
            
            
            CNNVD: CNNVD-201908-1731 // 
            
            
            
            NVD: CVE-2019-11603

SOURCES
db:OTHERid: - 
db:VULHUBid:VHN-143266
db:JVNDBid:JVNDB-2019-008626
db:CNNVDid:CNNVD-201908-1731
db:NVDid:CVE-2019-11603

LAST UPDATE DATE
2025-01-30T22:09:20.337000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-143266date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-008626date:2019-09-04T00:00:00
db:CNNVDid:CNNVD-201908-1731date:2019-09-05T00:00:00
db:NVDid:CVE-2019-11603date:2024-11-21T04:21:25.920

SOURCES RELEASE DATE
db:VULHUBid:VHN-143266date:2019-08-21T00:00:00
db:JVNDBid:JVNDB-2019-008626date:2019-09-04T00:00:00
db:CNNVDid:CNNVD-201908-1731date:2019-08-21T00:00:00
db:NVDid:CVE-2019-11603date:2019-08-21T20:15:12.570