Bitdefender Product Security Update Advisory
Overview
An update has been released to address vulnerabilities in Bitdefender products. Users of affected versions are advised to update to the latest version.
Affected Products
Bitdefender GravityZone Console versions prior to 6.38.1-2
Resolved Vulnerabilities
A host whitelist parser issue in the proxy service implemented in the GravityZone update server could allow attackers to forge server-side requests (CVE-2024-4177)
Vulnerability Patches
Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest patched version.
Bitdefender GravityZone Console version 6.38.1-2
Referenced Sites
[1] CVE-2024-4177 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-4177
[2] CVE-2024-4177: SSRF Vulnerability Patched in Bitdefender GravityZone Console On-Premise