CVE-2021-3960

Name of the Vulnerable Software and Affected Versions: Bitdefender GravityZone versions prior to 3.3.8.272

Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, in the UpdateServer component of Bitdefender GravityZone. This allows an attacker to execute arbitrary code on vulnerable instances.

Recommendations: For versions prior to 3.3.8.272, update to version 3.3.8.272 or later to resolve the issue. As a temporary workaround, consider restricting access to the UpdateServer component until a patch is applied.