PT-2024-38018 · Bitdefender · GravityZone Console

Published 2024-07-31 · Updated 2024-08-12 · CVE-2024-6980

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GravityZone Console versions prior to 6.38.1-5

Description

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions running on premise.

Recommendations

For GravityZone Console versions prior to 6.38.1-5, upgrade the affected component to version 6.38.1-5 or later to mitigate the risk. As a temporary workaround, consider restricting access to the proxy service to minimize the risk of exploitation.

Fix

Weakness Enumeration

Generation of Error Message Containing Sensitive Information

SSRF

Related Identifiers

CVE-2024-6980

Affected Products

GravityZone Console