CVE-2021-3554

Published: Nov 24, 2021Modified: Nov 21, 2024

10.0

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: NVD

Description

Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.

Affected (5)

Products: Bitdefender: Endpoint Security Tools, Gravityzone

Bitdefender

2 products

Endpoint Security Tools

Gravityzone

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Bitdefender Endpoint Security Tools	Before 6.6.27.390
Bitdefender Endpoint Security Tools	From 7.0.0.00 to 7.1.2.33
Bitdefender Endpoint Security Tools	Before 6.6.27.390
Bitdefender Gravityzone	Before 6.24.1-1
Bitdefender Gravityzone	Version 6.24.1-1

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.bitdefender.com/support/security-advisories/improper-access-control-vulnerability-patchesupdate-api-va-9825

Source: cve-requests@bitdefender.com

Broken Link

https://www.bitdefender.com/support/security-advisories/improper-access-control-vulnerability-patchesupdate-api-va-9825

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.