CVE-2019-11684: Improper Access Control in Bosch Video Recording Manager
First published: Fri Feb 26 2021(Updated: )
Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bosch Video Recording Manager | >=3.70<3.71.0034 | |
| Bosch Video Recording Manager | >=3.81<3.81.0050 | |
| Bosch Divar Ip 5000 Firmware | >=3.80<3.80.0039 | |
| Bosch DIVAR IP 5000 | ||
| Bosch Video Management System | =3.70.0056 | |
| Bosch Video Management System | =3.70.0058 | |
| Bosch Video Management System | =3.70.0060 | |
| Bosch Video Management System | =3.70.0062 | |
| Bosch Video Management System | =3.71.0022 | |
| Bosch Video Management System | =3.71.0029 | |
| Bosch Video Management System | =3.71.0031 | |
| Bosch Video Management System | =3.71.0032 | |
| Bosch Video Management System | =3.81.0032 | |
| Bosch Video Management System | =3.81.0038 | |
| Bosch Video Management System | =3.81.0048 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-11684.
What is the title of this vulnerability?
The title of this vulnerability is 'Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allo...'.
What is the severity rating of CVE-2019-11684?
The severity rating of CVE-2019-11684 is 9.8 (Critical).
Which software components are affected by this vulnerability?
The Bosch Video Recording Manager (VRM) component and Bosch Divar Ip 5000 Firmware are affected by this vulnerability.
How can I fix the vulnerability in the affected software?
You can fix the vulnerability in the affected software by updating to the fixed versions, specifically versions 3.70.0062 or 3.81.0038 for the Bosch Video Management System.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/title
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/bosch
- canonical/bosch video recording manager
- version/bosch video recording manager/3.70
- version/bosch video recording manager/3.81
- canonical/bosch divar ip 5000 firmware
- version/bosch divar ip 5000 firmware/3.80
- canonical/bosch divar ip 5000
- canonical/bosch video management system
- version/bosch video management system/3.70.0056
- version/bosch video management system/3.70.0058
- version/bosch video management system/3.70.0060
- version/bosch video management system/3.70.0062
- version/bosch video management system/3.71.0022
- version/bosch video management system/3.71.0029
- version/bosch video management system/3.71.0031
- version/bosch video management system/3.71.0032
- version/bosch video management system/3.81.0032
- version/bosch video management system/3.81.0038
- version/bosch video management system/3.81.0048