HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2024-2224

CVSS 8.1v3.1pub. 2024-04-09upd. 2025-02-07

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Bitdefender Endpoint Security

    APP
    Bitdefender
    7.0.5.2000897.9.9.380
  • Bitdefender Gravityzone Control Center

    APP
    Bitdefender
    6.36.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEPath Traversal
CWE
References

Related vulnerabilities

CVE-2024-2223HIGH8.1ten sam produkt

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to c...

CVE-2020-8097HIGH8.1ten sam produkt

An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender En...

CVE-2020-8108HIGH8.2ten sam produkt

Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process ...

CVE-2025-5317MEDIUM6.8ten sam produkt

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.5...

CVE-2025-1987CRITICAL9.3PL ✓ten sam vendor

Stored XSS w Psono Client / Bitdefender SecurePass via złośliwe URL w magazynie haseł