Gravityzone Update Server
cpe:2.3:a:bitdefender:gravityzone_update_server:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Bitdefender (d5582d91-5be9-5b61-8324-642705c220ed) |
|---|---|
| Product | Gravityzone Update Server (cc992772-c515-50e3-9455-6410ab5bbf03) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-2245 | vulnerable | 2026-06-03 15:00:25.015551 | Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646). A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte (%00) sequences. By crafting a request to a domain such as evil.com%00.bitdefender.com, an attacker can bypass the allowlist check, causing the proxy to forward requests to arbitrary external or internal systems. Published: 2025-04-04T09:54:03.681Z. Updated: 2025-04-04T12:57:26.616Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-6980 | vulnerable | 2026-06-03 14:58:04.638622 | Verbose error handling issue in GravityZone Update Server proxy service. A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise. Published: 2024-07-31T06:58:44.781Z. Updated: 2024-07-31T14:25:18.592Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-3823 | vulnerable | 2026-06-03 14:45:13.298200 | Path traversal vulnerability in Bitdefender GravityZone Update Server in relay mode. HIGH (7.1). Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249. Published: 2021-10-28T13:55:12.997Z. Updated: 2024-09-16T16:28:06.148Z | Imported from gcve-enriched-dumps CVE data |