CVE-2025-2243
- EPSS 0.14%
- Published 04.04.2025 09:53:25
- Last modified 30.07.2025 19:04:20
A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used...
CVE-2025-2244
- EPSS 0.48%
- Published 04.04.2025 09:52:48
- Last modified 30.07.2025 19:04:47
A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses PHP unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can tr...
CVE-2024-6980
- EPSS 0.25%
- Published 31.07.2024 07:15:02
- Last modified 07.02.2025 16:28:45
A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise.
CVE-2024-4177
- EPSS 0.11%
- Published 06.06.2024 08:15:39
- Last modified 21.11.2024 09:42:20
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on p...
CVE-2022-2830
- EPSS 1.62%
- Published 05.09.2022 12:15:08
- Last modified 21.11.2024 07:01:46
Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versi...
CVE-2022-0677
- EPSS 0.54%
- Published 07.04.2022 19:15:07
- Last modified 21.11.2024 06:39:09
Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue a...
CVE-2021-3959
- EPSS 0.22%
- Published 16.12.2021 15:15:07
- Last modified 21.11.2024 06:23:14
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender GravityZone versions pri...
CVE-2021-3960
- EPSS 0.05%
- Published 16.12.2021 15:15:07
- Last modified 21.11.2024 06:23:14
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender...
CVE-2021-3552
- EPSS 0.21%
- Published 24.11.2021 16:15:13
- Last modified 21.11.2024 06:21:49
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions pri...
CVE-2021-3553
- EPSS 0.22%
- Published 24.11.2021 16:15:13
- Last modified 21.11.2024 06:21:49
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Securit...