CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3959 – Server-Side Request Forgery in Bitdefender GravityZone Update Server in Relay Mode (VA-10145)
https://notcve.org/view.php?id=CVE-2021-3959
16 Dec 2021 — A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272 Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en el componente EPPUpdateService de Bitdefender Endpoint Security Tools permite a un atacante enviar peticiones al servidor de retransmisión. Este problema afecta a: Bitdefender Gravi... • https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-in-bitdefender-gravityzone-update-server-in-relay-mode-va-10145 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3553 – Server-Side Request Forgery in EPPUpdateService remote config file (VA-9825)
https://notcve.org/view.php?id=CVE-2021-3553
24 Nov 2021 — A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en EPPUpdateS... • https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-eppupdateservice-remote-config-file-va-9825 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3554 – Improper Access Control vulnerability in the patchesUpdate API
https://notcve.org/view.php?id=CVE-2021-3554
24 Nov 2021 — Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1. Una vulnerabilidad de control de acceso inadecuado en la... • https://www.bitdefender.com/support/security-advisories/improper-access-control-vulnerability-patchesupdate-api-va-9825 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3552 – Insufficient validation on regular expression in EPPUpdateService config file (VA-9825)
https://notcve.org/view.php?id=CVE-2021-3552
24 Nov 2021 — A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en el componente EPPUpdateService de Bitdefender Endpoint Security Tools permite a un atacante enviar peticiones al serv... • https://www.bitdefender.com/support/security-advisories/insufficient-validation-regular-expression-eppupdateservice-config-file-va-9825 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3641 – Improper Link Resolution Before File Access in Bitdefender GravityZone (VA-9921)
https://notcve.org/view.php?id=CVE-2021-3641
09 Nov 2021 — Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions. Una vulnerabilidad de Resolución de Enlaces Inapropiada versiones anteriores al Acceso a Archivos ("Link Following") en el componente EPAG de Bitdefender Endpoint Security Tools for Windows permite a un atacante local causar un... • https://www.bitdefender.com/support/security-advisories/improper-link-resolution-before-file-access-in-bitdefender-gravityzone-va-9921 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3823 – Path traversal vulnerability in Bitdefender GravitZone Update Server in relay mode
https://notcve.org/view.php?id=CVE-2021-3823
28 Oct 2021 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249. Una vulnerabilidad de Limitación Inapropiada de un Nombre de Ruta a un Directorio Restringido ("Salto de Ruta") en el componente UpdateServer de Bitdefender GravityZone permite a un atacante ejecutar código arbitrario e... • https://www.bitdefender.com/support/security-advisories/path-traversal-vulnerability-in-bitdefender-gravitzone-update-server-in-relay-mode-va-10039 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3423 – Privilege escalation in Bitdefender GravityZone Business Security
https://notcve.org/view.php?id=CVE-2021-3423
18 May 2021 — Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business Security versions prior to 6.6.23.329. Una vulnerabilidad del elemento de ruta de búsqueda no controlada en el componente openssl como es usado en Bitdefender GravityZone Business Security, permite a un atacante cargar una DLL de terceros para escalar privilegios.&#x... • https://www.bitdefender.com/support/security-advisories/privilege-escalation-in-bitdefender-gravityzone-business-security-va-9557 • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8931
https://notcve.org/view.php?id=CVE-2017-8931
30 Oct 2018 — Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors. Bitdefender GravityZone VMware en versiones anteriores a la 6.2.1-35 podría permitir que los atacantes obtengan acceso con privilegios root mediante vectores sin especificar. • https://www.bitdefender.com/support/bitdefender-gravityzone-6-2-1-35-release-notes-1909.html •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 1CVE-2018-8955 – Bitdefender GravityZone Installer Signature Bypass / Code Execution
https://notcve.org/view.php?id=CVE-2018-8955
23 Oct 2018 — The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged. El instalador de BitDefender GravityZone depende de una cadena cifrada en un nombre de archivo para determinar la URL de metadatos de instalación, lo que permite que atacantes remotos ejecuten código arbitrario cambiando el nombre de archivo y d... • http://packetstormsecurity.com/files/149900/Bitdefender-GravityZone-Installer-Signature-Bypass-Code-Execution.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 7%CPEs: 1EXPL: 3CVE-2014-5350 – BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-5350
19 Aug 2014 — Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server. Múltiples vulnerabilidades de salto de directorio en Bitdefender GravityZone anterior a 5.1.11.432 permiten a atacantes remotos leer ficheros arbitrarios a través de un (1) .. (punto pu... • https://www.exploit-db.com/exploits/34086 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •