Bitdefender Gravityzone Update Server vulnerabilities
3 known vulnerabilities affecting bitdefender/gravityzone_update_server.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 1
Vulnerabilities
CVE-2021-3823 | P3 | CRITICAL | CVSS 9.8 | affected: >= unspecified, < 3.3.8.249 | published 2021-10-28
CVE-2021-3823 [CRITICAL] CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249.
Source: nvd
CVE-2024-6980 | P3 | CRITICAL | CVSS 9.8 | fixed in 6.38.1-5 | published 2024-07-31
CVE-2024-6980 [CRITICAL] CWE-209
A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise.
Source: nvd
CVE-2025-2245 | P3 | MEDIUM | CVSS 5.3 | fixed in 3.5.2.689 | published 2025-04-04
CVE-2025-2245 [MEDIUM] CWE-918
A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) sequences. By crafting a request to a domain such as evil.c
Source: nvd