9.8

CVE-2024-2223

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: 

Bitdefender Endpoint Security for Linux version 7.0.5.200089
Bitdefender Endpoint Security for Windows version 7.9.9.380
GravityZone Control Center (On Premises) version 6.36.1

Data provided by the National Vulnerability Database (NVD)
Bitdefender | Endpoint Security | Version 7.0.5.200089 | SwPlatform linux
Bitdefender | Endpoint Security | Version 7.9.9.380 | SwPlatform windows
Bitdefender | Gravityzone Control Center | Version 6.36.1 | SwEdition on_premises
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.5% | 0.648
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cve-requests@bitdefender.com | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-185 Incorrect Regular Expression

The product specifies a regular expression in a way that causes data to be improperly matched or compared.

CWE-697 Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.