PT-2024-19287 · Bitdefender · Bitdefender Endpoint Security Tools For Windows +3

N1Nj4Sec +1 · Published 2024-04-09 · Updated 2025-02-07 · CVE-2024-2223

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Bitdefender Endpoint Security for Linux version 7.0.5.200089
Bitdefender Endpoint Security for Windows version 7.9.9.380
GravityZone Control Center (On Premises) version 6.36.1

Description

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay.

Recommendations

For Bitdefender Endpoint Security for Linux version 7.0.5.200089, update to a version that includes the fix for the Incorrect Regular Expression vulnerability.
For Bitdefender Endpoint Security for Windows version 7.9.9.380, update to a version that includes the fix for the Incorrect Regular Expression vulnerability.
For GravityZone Control Center (On Premises) version 6.36.1, update to a version that includes the fix for the Incorrect Regular Expression vulnerability.
As a temporary workaround, consider restricting access to the vulnerable component in the GravityZone Update Server to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

CVE-2024-2223

Affected Products

Bitdefender Endpoint Security Tools For Linux
Bitdefender Endpoint Security Tools For Windows
GravityZone Control Center
GravityZone Update Server