Bosch Bvms
9 CVEs affecting Bosch Bvms. Latest disclosed: 2026-04-15. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-23859 | Critical | 9.1 | 2021-12-08 | An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation t… |
CVE-2020-6785 | High | 7.8 | 2021-03-25 | Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allo… |
CVE-2024-33618 | High | 7.5 | 2026-04-15 | Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network int… |
CVE-2022-32540 | High | 7.4 | 2022-09-30 | Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-… |
CVE-2021-23862 | High | 7.2 | 2021-12-08 | A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affect… |
CVE-2023-28175 | High | 7.1 | 2023-06-15 | Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal n… |
CVE-2021-23861 | Medium | 6.5 | 2021-12-08 | By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or… |
CVE-2023-35867 | Medium | 5.9 | 2023-12-18 | An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of… |
CVE-2021-23860 | Medium | 5.0 | 2021-12-08 | An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack mu… |