Vulnerabilities > CVE-2021-3553 - Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Endpoint Security Tools and Gravityzone

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

bitdefender

CWE-918

NVD

Published: 2021-11-24

Updated: 2021-11-30

Summary

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.

Vulnerable Configurations

Part	Description	Count
Application	Bitdefender Bitdefender Endpoint Security Tools 6.2.21.18 Bitdefender Endpoint Security Tools 6.2.21.155 Bitdefender Endpoint Security Tools * Bitdefender Gravityzone 6.24.1-1	4

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References