Server-Side Request Forgery in Bitdefender GravityZone Update Server in Relay Mode (VA-10145)
Publication date: December 16th, 2021
CVSS score:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected vendors:
Bitdefender
Affected products:
GravityZone
Vulnerability details:
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects Bitdefender GravityZone versions prior to 3.3.8.
Additional details:
An automatic update to version 3.3.8 fixes the issue.
Credit:
Nicolas Verdier, independent security researcher