HIGH✓ PATCH🇬🇧 English

CVE-2024-2223

CVSS 8.1v3.1pub. 2024-04-09upd. 2025-02-07

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:  Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for  Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Bitdefender Endpoint Security

    APP
    Bitdefender
    7.0.5.2000897.9.9.380
  • Bitdefender Gravityzone Control Center

    APP
    Bitdefender
    6.36.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2024-2224HIGH8.1ten sam produkt

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServ...

CVE-2020-8097HIGH8.1ten sam produkt

An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender En...

CVE-2020-8108HIGH8.2ten sam produkt

Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process ...

CVE-2025-5317MEDIUM6.8ten sam produkt

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.5...

CVE-2025-1987CRITICAL9.3PL ✓ten sam vendor

Stored XSS w Psono Client / Bitdefender SecurePass via złośliwe URL w magazynie haseł