9.8
CVE-2024-2223
- EPSS 0.5%
- Published 09.04.2024 13:15:33
- Last modified 07.02.2025 19:00:24
- Source cve-requests@bitdefender.com
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:
- Bitdefender Endpoint Security for Linux version 7.0.5.200089
- Bitdefender Endpoint Security for Windows version 7.9.9.380
- GravityZone Control Center (On Premises) version 6.36.1
Data is provided by the National Vulnerability Database (NVD)
Bitdefender ≫ Endpoint Security, Version 7.0.5.200089, SwPlatform linux
Bitdefender ≫ Endpoint Security, Version 7.9.9.380, SwPlatform windows
Bitdefender ≫ Gravityzone Control Center, Version 6.36.1, SwEdition on_premises
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.5% | 0.648 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
cve-requests@bitdefender.com | 8.1 | 2.2 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-185 Incorrect Regular Expression
The product specifies a regular expression in a way that causes data to be improperly matched or compared.
CWE-697 Incorrect Comparison
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.