CVE-2021-3552
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Bitdefender | Endpoint Security Tools | unspecified < 6.6.27.390 | affected |
| Bitdefender | Endpoint Security Tools | unspecified < 7.1.2.33 | affected |
| Bitdefender | GravityZone | 6.24.1-1 | affected |
Weaknesses
- CWE-918: CWE-918 Server-Side Request Forgery (SSRF)
Workarounds
An automatic update to version 6.6.27.390 fixes the issue.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.