← back
CVE-2021-3960

Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-10146)

CVSS 7.1 HIGHEPSS 0.3%CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected products
Bitdefender · GravityZone

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-10146