Server-Side Request Forgery in Bitdefender GravityZone Update Server in Relay Mode (VA-10145)
CVE-2021-3959
6.8MEDIUM
What is CVE-2021-3959?
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272
Affected Version(s)
GravityZone < 3.3.8.272
References
CVSS V3.1
Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nicolas Verdier, independent security researcher