Lucene search

K
cve[email protected]CVE-2024-4177
HistoryJun 06, 2024 - 8:15 a.m.

CVE-2024-4177

2024-06-0608:15:39
CWE-116
CWE-918
web.nvd.nist.gov
34
cve-2024-4177
proxy service
server-side request forgery
gravityzone console
on premise

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

39.1%

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise.

Affected configurations

NVD
Node
bitdefendergravityzoneRange<6.38.1-2on-premise

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "GravityZone Console On-Premise",
    "vendor": "Bitdefender",
    "versions": [
      {
        "lessThan": "6.38.1-2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

39.1%

Related for CVE-2024-4177