GCVE - cpe:2.3:a:bitdefender:update_server:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:bitdefender:update_server:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Bitdefender (`d5582d91-5be9-5b61-8324-642705c220ed`)
Product	Update Server (`a13a28eb-d74f-57fe-8d92-e59221454993`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-0677`	vulnerable	2026-06-03 14:45:56.618118	Improper Handling of Length Parameter Inconsistency vulnerability in Bitdefender Update Server (VA-10144) HIGH (7.5) Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111. Published: 2022-04-07T18:21:34.788Z Updated: 2024-09-16T22:02:25.418Z Open on db.gcve.eu Reference links https://www.bitdefender.com/support/security-advisories/improper-handling-of-length-parameter-inconsistency-vulnerability-in-bitdefender-update-server-va-10144	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-15297`	vulnerable	2026-06-03 14:41:45.630232	Details available HIGH (7.1) Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294. Published: 2020-11-09T08:25:15.214Z Updated: 2024-09-16T17:08:15.114Z Open on db.gcve.eu Reference links https://www.bitdefender.com/support/security-advisories/server-side-request-forgery-bitdefender-update-server-va-9163/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-0396`	vulnerable	2026-06-03 14:28:31.841799	Details available Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request. Published: 2008-01-23T11:00:00.000Z Updated: 2024-08-07T07:46:55.111Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/27358 http://www.securityfocus.com/archive/1/486701/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/39802 http://securityreason.com/securityalert/3568 http://oliver.greyhat.de/2008/01/19/bitdefender-unauthorized-remote-file-access-vulnerability/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.