VYPR

GravityZone Update Server

by Bitdefender

CVEs (3)

  • CVE-2025-2245 (Apr 4, 2025)
    risk 0.00 cvss epss 0.00

    A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing…

  • CVE-2024-6980 (Jul 31, 2024)
    risk 0.00 cvss epss 0.01

    A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise.

  • CVE-2021-3823 (Oct 28, 2021)
    risk 0.00 cvss epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior…