CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
9.0%
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:
Bitdefender Endpoint Security for Linux version 7.0.5.200089
Bitdefender Endpoint Security forΒ Windows version 7.9.9.380
GravityZone Control Center (On Premises) version 6.36.1
[
{
"defaultStatus": "affected",
"product": "GravityZone Control Center (On Premises)",
"vendor": "Bitdefender",
"versions": [
{
"status": "affected",
"version": "6.36.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Endpoint Security for Windows",
"vendor": "Bitdefender",
"versions": [
{
"status": "affected",
"version": "7.9.9.380"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Endpoint Security for Linux",
"vendor": "Bitdefender",
"versions": [
{
"status": "affected",
"version": "7.0.5.200089"
}
]
}
]