CVE-2021-3823 HIGH

CVE-2021-3823: Path traversal vulnerability in Bitdefender GravityZone Update Server in relay mode

Vendor: Bitdefender
Product: GravityZone Update Server
Weakness: CWE-22 · Path traversal
Published: October 28, 2021
Last update: September 16, 2024

CVSS base score

7.1/10
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249.

Key dates

02 Disclosure timeline

October 28, 2021: CVE published
September 16, 2024: Record updated