CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-3554

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.0050%
EPSS Percentile10.09th
Published2021年11月24日
Last Modified2024年11月21日

Vulnerability Description

Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.

Affected Platforms (CPE)

📦
Bitdefender

Endpoint Security Tools

< 6.6.27.390
📦
Bitdefender

Endpoint Security Tools

< 6.6.27.390
📦
Bitdefender

Endpoint Security Tools

>= 7.0.0.00 and < 7.1.2.33
📦
Bitdefender

Gravityzone

< 6.24.1-1
📦
Bitdefender

Gravityzone

= 6.24.1-1

References & Advisories

🔗 https://www.bitdefender.com/support/security-advisories/improper-access-control-vulnerability-patchesupdate-api-va-9825
🔗 https://www.bitdefender.com/support/security-advisories/improper-access-control-vulnerability-patchesupdate-api-va-9825

関連する脆弱性情報

CVE-2016-36459.8

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Da...

CVE-2016-36448.4

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x th...

CVE-2016-22078.4

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x th...

CVE-2016-36468.4

The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x th...