CVE-2024-2223

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-2223
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:  Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for  Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/ Vendor Advisory
https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bitdefender:endpoint_security:7.0.5.200089:*:*:*:*:linux:*:*
cpe:2.3:a:bitdefender:endpoint_security:7.9.9.380:*:*:*:*:windows:*:*
cpe:2.3:a:bitdefender:gravityzone_control_center:6.36.1:*:*:*:on_premises:*:*:*
History

07 Feb 2025, 19:00

Type Values Removed Values Added
First Time Bitdefender endpoint Security
Bitdefender
Bitdefender gravityzone Control Center
CWE CWE-697
CPE cpe:2.3:a:bitdefender:endpoint_security:7.0.5.200089:*:*:*:*:linux:*:*
cpe:2.3:a:bitdefender:gravityzone_control_center:6.36.1:*:*:*:on_premises:*:*:*
cpe:2.3:a:bitdefender:endpoint_security:7.9.9.380:*:*:*:*:windows:*:*
References () https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/ - () https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/ - Vendor Advisory

21 Nov 2024, 09:09

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de expresión regular incorrecta en Bitdefender GravityZone Update Server permite a un atacante provocar Server Side Request Forgery y reconfigurar el relé. Este problema afecta a los siguientes productos que incluyen el componente vulnerable: Bitdefender Endpoint Security para Linux versión 7.0.5.200089 Bitdefender Endpoint Security para Windows versión 7.9.9.380 GravityZone Control Center (On Premises) versión 6.36.1
References () https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/ - () https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/ -

09 Apr 2024, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-09 13:15

Updated : 2025-02-07 19:00

NVD link : CVE-2024-2223

Mitre link : CVE-2024-2223

CVE.ORG link : CVE-2024-2223

JSON object : View

Products Affected

bitdefender

  • gravityzone_control_center
  • endpoint_security
CWE
CWE-185

Incorrect Regular Expression

CWE-697

Incorrect Comparison