CVE-2021-3554

CRITICAL

Bitdefender <6.6.27.390, <7.1.2.33, <6.2.21.160 - Info Disclosure

Title source: llm
STIX 2.1

Description

Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint versions prior to 6.2.21.160. Bitdefender GravityZone versions prior to 6.24.1-1.

Scores

CVSS v3 9.0
EPSS 0.0268
EPSS Percentile 83.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (3)
bitdefender/endpoint_security_tools < 6.6.27.390 (2 CPE variants)
bitdefender/gravityzone 6.24.1-1
bitdefender/gravityzone < 6.24.1-1
Published Nov 24, 2021
Tracked Since Feb 18, 2026