970 matches found

OSV
added 2021/12/16 3:15 p.m. | 2 views

CVE-2021-3959

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.272...

CVSS 7.5 | AI score 7.1 | EPSS 0.01688
Exploits: 0 | References: 1
NVD
added 2021/12/16 3:15 p.m. | 6 views

CVE-2021-3960

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272...

CVSS 7.8 | EPSS 0.00309
Exploits: 0 | References: 1
NVD
added 2021/12/16 3:15 p.m. | 8 views

CVE-2021-3959

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.272...

CVSS 7.5 | EPSS 0.01688
Exploits: 0 | References: 1
Prion
added 2021/12/16 3:15 p.m. | 8 views

Path traversal

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272...

CVSS 4.6 | AI score 7.8 | EPSS 0.00309
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2021/12/16 3:15 p.m. | 14 views

Server side request forgery (ssrf)

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.272...

CVSS 5 | AI score 7.5 | EPSS 0.01688
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2021/12/16 2:40 p.m. | 47 views

CVE-2021-3960

In Bitdefender GravityZone, CVE-2021-3960 describes a Path Traversal in the UpdateServer component that can allow arbitrary code execution on affected instances. Affected versions are GravityZone prior to 3.3.8.272. Several records also reference a related Privilege Escalation via the UpdateServe...

CVSS 7.8 | AI score 7.5 | EPSS 0.00309
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/12/16 2:40 p.m. | 10 views

CVE-2021-3960 Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-10146)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272...

CVSS 7.1 | AI score 8 | EPSS 0.00309
Exploits: 0 | References: 1
CVE
added 2021/12/16 2:35 p.m. | 42 views

CVE-2021-3959

CVE-2021-3959 describes a Server-Side Request Forgery (SSRF) in the EPPUpdateService of Bitdefender GravityZone. Affected: GravityZone versions prior to 3.3.8.272. The vulnerability allows an attacker to proxy requests to the relay server. The available references indicate no explicit exploit details or in...

CVSS 7.5 | AI score 7 | EPSS 0.01688
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/12/16 2:35 p.m. | 16 views

CVE-2021-3959 Server-Side Request Forgery in Bitdefender GravityZone Update Server in Relay Mode (VA-10145)

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.272...

CVSS 6.8 | AI score 7.7 | EPSS 0.01688
Exploits: 0 | References: 1
CNNVD
added 2021/12/16 12:0 a.m. | 2 views

Bitdefender Endpoint Security Tool Code Issue Vulnerability

Bitdefender Endpoint Security Tool is an endpoint security management tool from Bitdefender Romania. A security vulnerability exists in Bitdefender Endpoint Security Tools that stems from a server-side request forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint...

CVSS 7.5 | AI score 7.3 | EPSS 0.01688
Exploits: 0 | References: 2
CNNVD
added 2021/12/16 12:0 a.m. | 2 views

Bitdefender GravityZone Path Traversal Vulnerability

Bitdefender GravityZone is a scanning software from Bitdefender Romania. Bitdefender GravityZone suffers from a path traversal vulnerability that stems from an improperly restricted pathname "path traversal" vulnerability in the UpdateServer component of Bitdefender GravityZone that allows an...

CVSS 7.8 | AI score 7.3 | EPSS 0.00309
Exploits: 0 | References: 2
BDU FSTEC
added 2021/12/07 12:0 a.m. | 2 views

The vulnerabilities of bdservicehost.exe and Vulnerability.Scan.exe of the Bitdefender Endpoint Security Tools for Windows (BEST) and the antivirus software Bitdefender Total Security allow attackers to enhance their privileges.

The vulnerability of the bdservicehost.exe and Vulnerability.Scan.exe processes of the Bitdefender Endpoint Security Tools for Windows (BEST) and the antivirus software Bitdefender Total Security systems is related to incorrect default access settings. Exploiting this vulnerability can allow...

CVSS 7.8 | AI score 7.1 | EPSS 0.00708
Exploits: 0 | References: 6 | Affected Software: 2
Zero Day Initiative
added 2021/12/03 12:0 a.m. | 22 views

Bitdefender GravityZone Unnecessary Privileges Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender GravityZone. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the endpoint...

CVSS 7 | AI score 5.8 | EPSS 0.00942
Exploits: 0 | References: 1
OSV
added 2021/11/24 4:15 p.m. | 2 views

CVE-2021-3552

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33...

CVSS 7.5 | AI score 7.1 | EPSS 0.01367
Exploits: 0 | References: 1
NVD
added 2021/11/24 4:15 p.m. | 13 views

CVE-2021-3553

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions...

CVSS 7.5 | EPSS 0.0128
Exploits: 0 | References: 2
NVD
added 2021/11/24 4:15 p.m. | 10 views

CVE-2021-3552

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33...

CVSS 7.5 | EPSS 0.01367
Exploits: 0 | References: 1
NVD
added 2021/11/24 4:15 p.m. | 16 views

CVE-2021-3554

Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions...

CVSS 10 | EPSS 0.02682
Exploits: 0 | References: 1
Prion
added 2021/11/24 4:15 p.m. | 15 views

Server side request forgery (ssrf)

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33...

CVSS 5 | AI score 7.5 | EPSS 0.01367
Exploits: 0 | References: 1 | Affected Software: 2
Prion
added 2021/11/24 4:15 p.m. | 15 views

Server side request forgery (ssrf)

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions...

CVSS 5 | AI score 7.4 | EPSS 0.0128
Exploits: 0 | References: 2 | Affected Software: 2
Prion
added 2021/11/24 4:15 p.m. | 14 views

Improper access control

Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions...

CVSS 7.5 | AI score 9.2 | EPSS 0.02682
Exploits: 0 | References: 1 | Affected Software: 2