CVE-2021-3553
5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Bitdefender | Endpoint Security Tools | unspecified < 6.6.27.390 | affected |
| Bitdefender | Endpoint Security Tools | unspecified < 7.1.2.33 | affected |
| Bitdefender | Unified Endpoint for Linux | unspecified < 6.2.21.160 | affected |
| Bitdefender | GravityZone | unspecified < 6.24.1-1 | affected |
Weaknesses
- CWE-918: CWE-918 Server-Side Request Forgery (SSRF)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.