Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HBitdefender Endpoint Security Tools
APPBitdefender< 6.6.27.3907.0.0.00 – 7.1.2.33 (bez)Bitdefender Gravityzone
APPBitdefender6.24.1-1< 6.24.1-1
Related vulnerabilities
Niebezpieczna deserializacja PHP w Bitdefender GravityZone Console (RCE)
SSRF przez błędną obsługę błędów w GravityZone Update Server
Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privil...
The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for i...
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows ...