Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Bitdefender Flaw Allows SSRF Attacks

August 2, 2024
Reading Time: 3 mins read
in Alerts
Bitdefender Flaw Allows SSRF Attacks

A critical security vulnerability has been identified in Bitdefender’s GravityZone Update Server, potentially exposing organizations to server-side request forgery (SSRF) attacks. The flaw, designated CVE-2024-6980, has been assigned a high severity rating with a CVSS score of 9.2 out of 10, underscoring the significant impact on affected systems. This vulnerability stems from a verbose error-handling issue in the proxy service implemented within the GravityZone Update Server. As a result, an attacker could initiate SSRF attacks, posing severe risks to the security and integrity of targeted systems.

The vulnerability specifically impacts GravityZone Console versions before 6.38.1-5 running on-premises. Exploiting this flaw, attackers could potentially access sensitive internal resources, bypass established security controls, manipulate server operations, and gather confidential information. The high CVSS score reflects the critical nature of this vulnerability and the potential for substantial damage if it remains unaddressed.

In response to this pressing security concern, Bitdefender has acted swiftly by releasing an automatic update to product version 6.38.1-5, which addresses the identified flaw. Organizations using the affected versions of the GravityZone Update Server are strongly advised to update their systems to the latest version without delay to mitigate the risks associated with this vulnerability. Bitdefender’s proactive measures demonstrate their commitment to maintaining robust security for their users.

Credit for discovering this vulnerability goes to Nicolas VERDIER, also known as n1nj4sec, who followed responsible disclosure practices, allowing Bitdefender to develop and release a patch before the vulnerability was made public. To ensure comprehensive protection, users are recommended to verify their GravityZone Console versions, enable automatic updates, conduct thorough security assessments of potentially exposed systems, and monitor for any suspicious activities indicative of exploitation attempts. Staying vigilant and updated is crucial to safeguarding against potential threats posed by this significant vulnerability.

Reference:

  • Bitdefender GravityZone Vulnerability Exposes Servers to SSRF Attacks
Tags: August 2024BitdefenderCyber AlertsCyber Alerts 2024Cyber RiskCyber threatsGravityZoneVulnerability
ADVERTISEMENT

Related Posts

New Godfather Trojan Hijacks Banking Apps

Winos 4.0 Malware Hits Taiwan Via Tax Phish

June 20, 2025
New Godfather Trojan Hijacks Banking Apps

New Godfather Trojan Hijacks Banking Apps

June 20, 2025
New Godfather Trojan Hijacks Banking Apps

New Amatera Stealer Delivered By ClearFake

June 20, 2025
Fake Invoices Deliver Sorillus RAT In Europe

Fake Minecraft Mods On GitHub Spread Malware

June 19, 2025
Russian Phishing Scam Bypasses Google 2FA

Russian Phishing Scam Bypasses Google 2FA

June 19, 2025
Fake Invoices Deliver Sorillus RAT In Europe

Fake Invoices Deliver Sorillus RAT In Europe

June 19, 2025

Latest Alerts

Winos 4.0 Malware Hits Taiwan Via Tax Phish

New Amatera Stealer Delivered By ClearFake

New Godfather Trojan Hijacks Banking Apps

Fake Minecraft Mods On GitHub Spread Malware

Fake Invoices Deliver Sorillus RAT In Europe

Russian Phishing Scam Bypasses Google 2FA

Subscribe to our newsletter

    Latest Incidents

    Massive Leak Exposes 16 Billion Credentials

    Tonga Health System Down After Ransomware

    Chinese Spies Target Satellite Giant Viasat

    German Dealer Leymann Hacked Closes Stores

    Hacker Mints $27M From Meta Pool Gets 132K

    UBS and Pictet Hit By Vendor Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial