Server side request forgery (ssrf)

2021-11-2416:15:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.7%

JSON

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.

CPENameOperatorVersion
endpoint_security_toolsge6.6.27.0
endpoint_security_toolslt6.6.27.390
endpoint_security_toolslt6.2.21.160
endpoint_security_toolsge7.0.0.00
endpoint_security_toolslt7.1.2.33
gravityzoneeq6.24.1-1

Name	Operator	Version
endpoint_security_tools	ge	6.6.27.0
endpoint_security_tools	lt	6.6.27.390
endpoint_security_tools	lt	6.2.21.160
endpoint_security_tools	ge	7.0.0.00
endpoint_security_tools	lt	7.1.2.33
gravityzone	eq	6.24.1-1