Vulnerabilities > Bitdefender > Gravityzone > 6.24.1.1

DATE CVE VULNERABILITY TITLE RISK
2022-04-07 CVE-2022-0677 Unspecified vulnerability in Bitdefender Endpoint Security Tools, Gravityzone and Update Server
Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service.
network
low complexity
bitdefender
7.5
2021-11-24 CVE-2021-3552 Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Endpoint Security Tools and Gravityzone
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server.
network
low complexity
bitdefender CWE-918
7.5
2021-11-24 CVE-2021-3553 Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Endpoint Security Tools and Gravityzone
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host.
network
low complexity
bitdefender CWE-918
7.5
2021-11-24 CVE-2021-3554 Unspecified vulnerability in Bitdefender Endpoint Security Tools and Gravityzone
Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches.
network
low complexity
bitdefender
critical
10.0
2021-11-09 CVE-2021-3641 Link Following vulnerability in Bitdefender Gravityzone
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service.
local
low complexity
bitdefender CWE-59
6.1