CVE-2021-3960

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272.

Configurations

Configuration 1

cpe:2.3:a:bitdefender:gravityzone:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:23

Type : CVSS
Values Removed : v2 : 4.6, v3 : 7.8
Values Added : v2 : 4.6, v3 : 7.1

Type : References
Values Removed : https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-10146 - Vendor Advisory
Values Added : https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-10146 - Vendor Advisory

Information

Published : 2021-12-16 15:15

Updated : 2024-11-21 06:23


NVD link : CVE-2021-3960

Mitre link : CVE-2021-3960

CVE.ORG link : CVE-2021-3960



Products Affected

bitdefender

  • gravityzone

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')