CVE-2024-2223

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:

Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1

Published: Apr 9, 2024
Updated: May 4, 2025
CVE: CVE-2024-2223
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-697
CWE-185

Affected Software
References

Software	From	Fixed in
bitdefender / gravityzone_control_center	6.36.1	6.36.1.x
bitdefender / endpoint_security	7.9.9.380	7.9.9.380.x
bitdefender / endpoint_security	7.0.5.200089	7.0.5.200089.x

https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/

Vulnerability Database

289,599

CVE-2024-2223