Description
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Bitdefender / Endpoint Security for Linux7.0.5.200089 – 7.0.5.200089
- Bitdefender / Endpoint Security for Windows7.9.9.380 – 7.9.9.380
- Bitdefender / GravityZone Control Center (On Premises)6.36.1 – 6.36.1