Lucene search

BitdefenderCVELIST:CVE-2021-3641

HistoryOct 30, 2021 - 12:00 a.m.

CVE-2021-3641 Improper Link Resolution Before File Access in Bitdefender GravityZone (VA-9921)

2021-10-3000:00:00

CWE-59

Bitdefender

www.cve.org

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

0.0004 Low

EPSS

Percentile

15.9%

JSON

Improper Link Resolution Before File Access (‘Link Following’) vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions.

CNA Affected

[
  {
    "product": "GravityZone",
    "vendor": "Bitdefender",
    "versions": [
      {
        "lessThanOrEqual": "7.1.2.33",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.bitdefender.com/support/security-advisories/improper-link-resolution-before-file-access-in-bitdefender-gravityzone-va-9921

www.zerodayinitiative.com/advisories/ZDI-22-143/

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

0.0004 Low

EPSS

Percentile

15.9%

JSON

Related for CVELIST:CVE-2021-3641