CVE-2025-2244
CVE-2025-2244 affects Bitdefender GravityZone Console, via the vulnerable sendMailFromRemoteSource method in Emails.php that unserializes user input without validation. This enables PHP object injection, leading to a file write and arbitrary command execution on the host, per multiple sources. In...
CVE-2022-0677
CVE-2022-0677 is an instance of an improper handling of length parameter inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay) and GravityZone (in Update Server). The issue allows a remote attacker to cause a Denial-of-Service. Affected produ...
CVE-2024-4177
The CVE-2024-4177 issue affects Bitdefender GravityZone Update Server (on‑premise) with GravityZone Console versions prior to 6.38.1-2. The root cause is a host whitelist parser in the proxy service, enabling server-side request forgery (SSRF). Impact is high/critical per sources, with network at...
CVE-2022-2830
CVE-2022-2830 describes a Deserialization of Untrusted Data vulnerability in Bitdefender GravityZone Console’s message processing component. Affected: GravityZone Console On-Premise < 6.29.2-1 and GravityZone Cloud Console
CVE-2014-5350
Bitdefender GravityZone vulnerability CVE-2014-5350 affects GravityZone before 5.1.11.432. The flaw allows directory traversal to read arbitrary files via (1) .. in id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console, and (2) encoded dot-dot in the default URI to port 7074 o...
CVE-2025-2243
Bitdefender GravityZone Console is affected by CVE-2025-2243, an SSRF vulnerability where an attacker may bypass input validation by using leading characters in DNS requests. The issue affects GravityZone Console versions before 6.41.2.1. Root cause: flawed input validation ...
CVE-2018-8955
CVE-2018-8955 affects the BitDefender GravityZone installer. The root cause is that the installer relies on an encoded string in a filename to determine the URL for installation metadata, allowing a remote attacker to execute arbitrary code by changing the filename while the file’s digital signat...
CVE-2024-6980
The CVE-2024-6980 entry concerns Bitdefender GravityZone: GravityZone Console on-premises prior to 6.38.1-5, where a verbose error handling issue in the Update Server proxy service enables server-side request forgery (SSRF). The vulnerability affects the proxy component (GravityZone Update Server...
CVE-2021-3641
CVE-2021-3641: Bitdefender GravityZone (EPAG/Endpoint Agent) contains a Link Following DoS vulnerability. A local attacker who can execute low-privileged code can create a symbolic link to abuse the Endpoint Agent service and overwrite a file, enabling a denial-of-service condition. Affected: Gra...
CVE-2021-3960
In Bitdefender GravityZone, CVE-2021-3960 describes a Path Traversal in the UpdateServer component that can allow arbitrary code execution on affected instances. Affected versions are GravityZone prior to 3.3.8.272. Several records also reference a related Privilege Escalation via the UpdateServe...
CVE-2021-3554
CVE-2021-3554 describes an improper access control in the patchesUpdate API of Bitdefender Endpoint Security Tools for Linux, where a relay role can be abused to manipulate the remote address used to pull patches. Affected are Bitdefender Endpoint Security Tools for Linux versions before 6.6.27.3...
CVE-2021-3823
CVE-2021-3823 is a path-traversal vulnerability in Bitdefender GravityZone UpdateServer (relay mode) that allows arbitrary code execution on vulnerable instances. Affected: Bitdefender GravityZone prior to version 3.3.8.249. Root cause: improper limitation of a pathname to a restricted directory ...
CVE-2021-3959
CVE-2021-3959 describes a Server-Side Request Forgery (SSRF) in the EPPUpdateService of Bitdefender GravityZone. Affected: GravityZone versions prior to 3.3.8.272. The vulnerability allows a proxy of requests to the relay server. The available references indicate no explicit exploit details or in...
CVE-2021-3552
CVE-2021-3552 affects Bitdefender Endpoint Security Tools (EPPUpdateService component). The issue is a Server-Side Request Forgery (SSRF) that lets an attacker proxy requests to the relay server. Affected versions are Bitdefender Endpoint Security Tools prior to 6.6.27.390 and prior to 7.1.2.33; ...
CVE-2021-3553
Bitdefender CVE-2021-3553: SSRF in the EPPUpdateService allows using Endpoint Protection Relay as a proxy. Affected products/versions include Bitdefender Endpoint Security Tools before 6.6.27.390 and before 7.1.2.33, Bitdefender Unified Endpoint for Linux before 6.2.21.160, and Bitdefender Gravit...
CVE-2017-8931
The CVE-2017-8931 entry affects the Bitdefender GravityZone VMware appliance prior to version 6.2.1-35, where an attacker could gain root privileges via unspecified vectors. The NVD entry lists a CVSSv3 base score of 9.8 (CRITICAL) with network attack vector and privileges required: none. Connect...