Lucene search

BitdefenderCVELIST:CVE-2024-4177

HistoryJun 06, 2024 - 7:59 a.m.

CVE-2024-4177 Host whitelist parser issue in GravityZone Console On-Premise (VA-11554)

2024-06-0607:59:22

CWE-116

Bitdefender

www.cve.org

gravityzone

whitelist parser

ssrf attack

update server

on premise

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "GravityZone Console On-Premise",
    "vendor": "Bitdefender",
    "versions": [
      {
        "lessThan": "6.38.1-2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

bitdefender.com/consumer/support/support/security-advisories/host-whitelist-parser-issue-in-gravityzone-console-on-premise-va-11554/

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for CVELIST:CVE-2024-4177