CVE-2024-2223
8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:
Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Bitdefender | GravityZone Control Center (On Premises) | 6.36.1 | affected |
| Bitdefender | Endpoint Security for Windows | 7.9.9.380 | affected |
| Bitdefender | Endpoint Security for Linux | 7.0.5.200089 | affected |
Weaknesses
- CWE-185: CWE-185: Incorrect Regular Expression
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.