CVE-2024-2223
EUVD-2024-2717909.04.2024, 13:15
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| bitdefender | endpoint_security | 7.0.5.200089 |
| bitdefender | endpoint_security | 7.9.9.380 |
| bitdefender | gravityzone_control_center | 6.36.1 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| bitdefender | gravityzone | 6.36.1 | ADP |
Common Weakness Enumeration
- CWE-185 - Incorrect Regular ExpressionThe software specifies a regular expression in a way that causes data to be improperly matched or compared.
- CWE-697 - Incorrect ComparisonThe software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.