Bitdefender

Gravityzone

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.3

CVE-2025-2243

Medienbericht
  • EPSS 0.14%
  • Veröffentlicht 04.04.2025 09:53:25
  • Zuletzt bearbeitet 30.07.2025 19:04:20

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used...

9.8

CVE-2025-2244

Medienbericht
  • EPSS 0.48%
  • Veröffentlicht 04.04.2025 09:52:48
  • Zuletzt bearbeitet 30.07.2025 19:04:47

A vulnerability in the sendMailFromRemoteSource method in Emails.php  as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can tr...

9.8

CVE-2024-6980

  • EPSS 0.25%
  • Veröffentlicht 31.07.2024 07:15:02
  • Zuletzt bearbeitet 07.02.2025 16:28:45

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise.

9.8

CVE-2024-4177

  • EPSS 0.11%
  • Veröffentlicht 06.06.2024 08:15:39
  • Zuletzt bearbeitet 21.11.2024 09:42:20

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on p...

9.8

CVE-2022-2830

  • EPSS 1.62%
  • Veröffentlicht 05.09.2022 12:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:46

Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versi...

7.5

CVE-2022-0677

  • EPSS 0.54%
  • Veröffentlicht 07.04.2022 19:15:07
  • Zuletzt bearbeitet 21.11.2024 06:39:09

Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue a...

7.5

CVE-2021-3959

  • EPSS 0.22%
  • Veröffentlicht 16.12.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:23:14

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions pri...

7.8

CVE-2021-3960

  • EPSS 0.05%
  • Veröffentlicht 16.12.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:23:14

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender...

7.5

CVE-2021-3552

  • EPSS 0.21%
  • Veröffentlicht 24.11.2021 16:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:49

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions pri...

7.5

CVE-2021-3553

  • EPSS 0.22%
  • Veröffentlicht 24.11.2021 16:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:49

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Securit...