Lucene search

K
cveBitdefenderCVE-2024-2223
HistoryApr 09, 2024 - 1:15 p.m.

CVE-2024-2223

2024-04-0913:15:33
CWE-185
Bitdefender
web.nvd.nist.gov
28
bitdefender
gravityzone
security vulnerability
regular expression
ssrf
server side request forgery
update server
endpoint security for linux
endpoint security for windows
control center
on premises

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

0

Percentile

9.0%

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:

Bitdefender Endpoint Security for Linux version 7.0.5.200089
Bitdefender Endpoint Security forΒ  Windows version 7.9.9.380
GravityZone Control Center (On Premises) version 6.36.1

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "GravityZone Control Center (On Premises)",
    "vendor": "Bitdefender",
    "versions": [
      {
        "status": "affected",
        "version": "6.36.1"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Endpoint Security for Windows",
    "vendor": "Bitdefender",
    "versions": [
      {
        "status": "affected",
        "version": "7.9.9.380"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Endpoint Security for Linux",
    "vendor": "Bitdefender",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.5.200089"
      }
    ]
  }
]

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

0

Percentile

9.0%

Related for CVE-2024-2223