Server-side request forgery in Bitdefender Update Server (VA-9163)

Publication date: November 4th, 2020


CVE ID:
CVE-2020-15297
CVSS score:
7.1 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected vendors:
Bitdefender
Affected products:
Bitdefender Update Server
Vulnerability details:

Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network.

Additional details:
A fix was automatically delivered in version 6.6.20.294 of the Bitdefender Update Server.