970 matches found
CVE-2021-3553
Bitdefender CVE-2021-3553: SSRF in the EPPUpdateService allows using Endpoint Protection Relay as a proxy. Affected products/versions include Bitdefender Endpoint Security Tools before 6.6.27.390 and before 7.1.2.33, Bitdefender Unified Endpoint for Linux before 6.2.21.160, and Bitdefender Gravit...
CVE-2021-3553 Server-Side Request Forgery in EPPUpdateService remote config file (VA-9825)
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions...
CVE-2021-3554
CVE-2021-3554 describes an improper access control in the patchesUpdate API of Bitdefender Endpoint Security Tools for Linux, where a relay role can be abused to manipulate the remote address used to pull patches. Affected are Bitdefender Endpoint Security Tools for Linux versions before 6.6.27.3...
CVE-2021-3554 Improper Access Control vulnerability in the patchesUpdate API
Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions...
CVE-2021-3552
CVE-2021-3552 affects Bitdefender Endpoint Security Tools (EPPUpdateService component). The issue is a Server-Side Request Forgery (SSRF) that lets an attacker proxy requests to the relay server. Affected versions are Bitdefender Endpoint Security Tools prior to 6.6.27.390 and prior to 7.1.2.33; ...
CVE-2021-3552 Insufficient validation on regular expression in EPPUpdateService config file (VA-9825)
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33...
Bitdefender Endpoint Security Tool Security Vulnerability
Bitdefender Endpoint Security Tool is an endpoint security management tool from the Romanian company Bitdefender. A security vulnerability exists in Bitdefender Endpoint Security Tools that stems from improper access control in the patch update API implemented in the software, which allows an...
Bitdefender Endpoint Security Tool Code Issue Vulnerability
Bitdefender Endpoint Security Tool is an endpoint security management tool from the Romanian company Bitdefender. A security vulnerability exists in Bitdefender Endpoint Security Tools, which stems from the lack of a valid check for server-side request forgery in the EPPUpdateService component of...
CVE-2021-3641
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions...
Input validation
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions...
CVE-2021-3641
CVE-2021-3641: Bitdefender GravityZone (EPAG/Endpoint Agent) contains a Link Following DoS vulnerability. A local attacker who can execute low-privileged code can create a symbolic link to abuse the Endpoint Agent service and overwrite a file, enabling a denial-of-service condition. Affected: Gra...
CVE-2021-3641 Improper Link Resolution Before File Access in Bitdefender GravityZone (VA-9921)
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions...
Bitdefender Endpoint Security Tool Link Following Vulnerability
Bitdefender Endpoint Security Tool is an endpoint security management tool from the Romanian company Bitdefender. Bitdefender Endpoint Security Tool suffers from a link following vulnerability that arises from improper design or implementation during code development of a networked system or product...
(0Day) Bitdefender Total Security Unnecessary Privileges Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2021-3579
Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM. This issue affects: Bitdefender Endpoint...
CVE-2021-3576
Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System'. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security...
CVE-2021-3823
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249...