PT-2021-22661 · Bitdefender · Bitdefender Gravityzone+1

Nicolas Verdier · Published 2021-12-16 · Updated 2021-12-22 · CVE-2021-3959

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Bitdefender GravityZone versions prior to 3.3.8.272
Description: A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server.
Recommendations: For versions prior to 3.3.8.272, update to version 3.3.8.272 or later to resolve the issue. As a temporary workaround, consider restricting access to the EPPUpdateService component to minimize the risk of exploitation.

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2021-3959

Affected Products

Bitdefender Endpoint Security Tools
Bitdefender Gravityzone