CyberSec.Space Logo
Back to CVE Browser

CVE-2021-3823

HIGH
7.1
CVSS Severity Score
EPSS Score0.1740%
EPSS Percentile34.76th
PublishedOct 28, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249.

Affected Platforms (CPE)

📦
Bitdefender

Gravityzone

< 3.3.8.249

References & Advisories

🔗 https://www.bitdefender.com/support/security-advisories/path-traversal-vulnerability-in-bitdefender-gravitzone-update-server-in-relay-mode-va-10039/
🔗 https://www.bitdefender.com/support/security-advisories/path-traversal-vulnerability-in-bitdefender-gravitzone-update-server-in-relay-mode-va-10039/

Related Vulnerabilities

CVE-2018-89559.8

The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata...

CVE-2017-89319.8

Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified...

CVE-2021-35549.0

Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as ...

CVE-2021-34237.8

Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allow...