Vulnerabilities > CVE-2021-3552 - Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Endpoint Security Tools and Gravityzone

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

bitdefender

CWE-918

NVD

Published: 2021-11-24

Updated: 2021-12-01

Summary

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1.

Vulnerable Configurations

Part	Description	Count
Application	Bitdefender Bitdefender Endpoint Security Tools * Bitdefender Gravityzone 6.24.1-1	3

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.bitdefender.com/support/security-advisories/insufficient-validation-regular-expression-eppupdateservice-config-file-va-9825