Bitdefender Gravityzone — known CVE vulnerabilities
Every CVE whose affected-product data names Bitdefender Gravityzone, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2017-8931 — CVSS 9.8 (critical): Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.
CVE-2018-8955 — CVSS 9.8 (critical): The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which…
CVE-2025-2244 — CVSS 9.8 (critical): A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php…
CVE-2024-6980 — CVSS 9.8 (critical): A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side…
CVE-2021-3554 — CVSS 9.0 (critical): Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay…
CVE-2022-2830 — CVSS 8.8 (high): Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker…
CVE-2024-4177 — CVSS 8.1 (high): A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side…
CVE-2022-0677 — CVSS 7.5 (high): Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in…
CVE-2025-2243 — CVSS 7.3 (high): A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic…
CVE-2021-3823 — CVSS 7.1 (high): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender…
CVE-2021-3960 — CVSS 7.1 (high): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender…
CVE-2021-3959 — CVSS 6.8 (medium): A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an…
CVE-2021-3641 — CVSS 6.1 (medium): Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools…
CVE-2021-3553 — CVSS 5.3 (medium): A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use…
CVE-2021-3552 — CVSS 5.3 (medium): A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an…
CVE-2014-5350 — CVSS 5.0 (medium): Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files…