CVE-2021-3959: Server-Side Request Forgery in Bitdefender GravityZone Update Server in Relay Mode (VA-10145)
First published: Thu Dec 16 2021(Updated: )
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272
Credit: cve-requests@bitdefender.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bitdefender GravityZone | <3.3.8.272 |
Remedy
An automatic update to version 3.3.8.272 fixes the issue.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the CVE ID for this vulnerability?
The CVE ID for this vulnerability is CVE-2021-3959.
What is the severity of CVE-2021-3959?
The severity of CVE-2021-3959 is high with a CVSS score of 7.5.
Which component of Bitdefender Endpoint Security Tools is affected by CVE-2021-3959?
The EPPUpdateService component of Bitdefender Endpoint Security Tools is affected by CVE-2021-3959.
What is the impact of CVE-2021-3959?
CVE-2021-3959 allows an attacker to proxy requests to the relay server, leading to potential data leakage or unauthorized access.
How can I mitigate CVE-2021-3959?
Update Bitdefender GravityZone to version 3.3.8.272 or higher to mitigate CVE-2021-3959.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/bitdefender
- canonical/bitdefender gravityzone