Back

CVE-2024-6980

July 31, 2024, 12:57 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

GravityZone Console

  • before 6.38.1-5

Source

cve-requests@bitdefender.com

Tags

CWE-209
cve-requests@bitdefender.com
2024-07-31
CVE-2024-6980

CVE-2024-6980 details

Published : July 31, 2024, 7:15 a.m.
Last Modified : July 31, 2024, 12:57 p.m.

Description

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-209 Generation of Error Message Containing Sensitive Information The product generates an error message that includes sensitive information about its environment, users, or associated data.

References

URL Source
https://www.bitdefender.com/consumer/support/support/security-advisories/verbose-error-handling-issue-in-gravityzone-update-server-proxy-service/ cve-requests@bitdefender.com
This website uses the NVD API, but is not approved or certified by it.