Path traversal vulnerability in Bitdefender GravitZone Update Server in relay mode (VA-10039)
Publication date: October 28th, 2021
7.1 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
GravityZone Update Server
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 188.8.131.52.
An automatic update to Bitdefender GravityZone Update Server to version 184.108.40.206 fixes the issue.