Server-Side Request Forgery Vulnerability Affects GravityZone Console
CVE-2024-6980
9.8 CRITICAL
What is CVE-2024-6980?
A verbose error handling issue in the proxy service of Bitdefender's GravityZone Update Server exposes the application to server-side request forgery attacks. This vulnerability can enable attackers to manipulate requests sent from the server, potentially leading to unauthorized actions. It specifically affects versions of the GravityZone Console prior to 6.38.1-5 running in on-premise environments.
Affected Version(s)
GravityZone Update Server 0 < 6.38.1-5
News Articles

Bitdefender Vulnerability Let Attackers Trigger SSRF Attacks
A critical security vulnerability has been discovered in Bitdefender's GravityZone Update Server, potentially exposing organizations to server-side request forgery (SSRF) attacks.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
First article discovered by Cyber Security News
Vulnerability published
Vulnerability Reserved
Credit
Nicolas VERDIER -- n1nj4sec