CVE-2024-6980
EUVD-2024-4796231.07.2024, 07:15
A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| bitdefender | gravityzone | 𝑥 < 6.38.1-5 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-209 - Generation of Error Message Containing Sensitive InformationThe software generates an error message that includes sensitive information about its environment, users, or associated data.
- CWE-918 - Server-Side Request Forgery (SSRF)The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.