CVE-2024-6980

EPSS 0.25%
Published 31.07.2024 07:15:02
Last modified 07.02.2025 16:28:45
Source cve-requests@bitdefender.com
Teams watchlist Login
Open Login

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Bitdefender ≫ Gravityzone SwEditionon-premises Version < 6.38.1-5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.477

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cve-requests@bitdefender.com	9.2	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://www.bitdefender.com/consumer/support/support/security-advisories/verbose-error-handling-issue-in-gravityzone-update-server-proxy-service/

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2024-6980

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6980

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6980

EUVD