Back

Host whitelist parser issue in GravityZone Console On-Premise (VA-11554)

Publication date: June 6th, 2024

CVE ID:

CVE-2024-4177

CVSS scrore:

8.1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected vendors:

Bitdefender

Affected products:

GravityZone Console

Vulnerability details:

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 which are running only on premise.

Additional details:

An automatic update to version GravityZone Console On-Premise 6.38.1-2 fixes the issue.

Credit:

Nicolas VERDIER -- n1nj4sec