Vulnerabilities > CVE-2021-3959 - Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Gravityzone 3.3.8.249

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

bitdefender

CWE-918

NVD

Published: 2021-12-16

Updated: 2021-12-22

Summary

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272

Vulnerable Configurations

Part	Description	Count
Application	Bitdefender Bitdefender Gravityzone - Bitdefender Gravityzone 3.3.8.249	2

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-in-bitdefender-gravityzone-update-server-in-relay-mode-va-10145