CVE-2021-3553
published 2021-11-24

Priority: P3 (46), high
CVSS 3.1 base score: 7.5 (high), vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.28% (66.4th percentile)
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.

Affected

8 ranges

Vendor      | Product                    | Version range                 | Fixed in
------------|----------------------------|-------------------------------|-------------
bitdefender | endpoint_security_tools    | < 6.2.21.160                  | 6.2.21.160
bitdefender | endpoint_security_tools    | >= 6.6.27.0 < 6.6.27.390      | 6.6.27.390
bitdefender | endpoint_security_tools    | >= 7.0.0.00 < 7.1.2.33        | 7.1.2.33
bitdefender | endpoint_security_tools    | >= unspecified < 6.6.27.390   | 6.6.27.390
bitdefender | endpoint_security_tools    | >= unspecified < 7.1.2.33     | 7.1.2.33
bitdefender | gravityzone                |                               |
bitdefender | gravityzone                | >= unspecified < 6.24.1-1     | 6.24.1-1
bitdefender | unified_endpoint_for_linux | >= unspecified < 6.2.21.160   | 6.2.21.160

CVSS provenance

Source | CVSS version | Score | Severity | Vector
-------|--------------|-------|----------|-------------------------------------------------
nvd    | v3.1         | 7.5   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd    | v2.0         | 5.0   | MEDIUM   | AV:N/AC:L/Au:N/C:P/I:N/A:N