Vulnerabilities > Bitdefender > Gravityzone
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-07 | CVE-2022-0677 | Unspecified vulnerability in Bitdefender Endpoint Security Tools, Gravityzone and Update Server Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. | 5.0 |
| 2021-12-16 | CVE-2021-3959 | Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Gravityzone 3.3.8.249 A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. | 5.0 |
| 2021-12-16 | CVE-2021-3960 | Path Traversal vulnerability in Bitdefender Gravityzone 3.3.8.249 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. | 4.6 |
| 2021-11-24 | CVE-2021-3552 | Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Endpoint Security Tools and Gravityzone A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. | 5.0 |
| 2021-11-24 | CVE-2021-3553 | Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Endpoint Security Tools and Gravityzone A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. | 5.0 |
| 2021-11-24 | CVE-2021-3554 | Unspecified vulnerability in Bitdefender Endpoint Security Tools and Gravityzone Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. | 7.5 |
| 2021-11-09 | CVE-2021-3641 | Link Following vulnerability in Bitdefender Gravityzone Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. | 3.6 |
| 2021-10-28 | CVE-2021-3823 | Path Traversal vulnerability in Bitdefender Gravityzone Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. | 7.5 |
| 2018-10-30 | CVE-2017-8931 | Unspecified vulnerability in Bitdefender Gravityzone 5.1.11.432/5.1.5.386 Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors. | 10.0 |
| 2018-10-24 | CVE-2018-8955 | Improper Verification of Cryptographic Signature vulnerability in Bitdefender Gravityzone The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged. | 7.5 |