InfoSecBulletin Cybersecurity for mankind
Bitdefender fixed a serious vulnerability (CVE-2024-4177, CVSS 8.1) in its GravityZone Console On-Premise product. This flaw, found by security researcher Nicolas Verdier (n1nj4sec), could enable attackers to carry out server-side request forgery (SSRF) attacks, possibly resulting in unauthorized access and data breaches.
GravityZone Console is a security management platform by Bitdefender. It helps monitor and manage security across different endpoints, networks, and cloud environments. The vulnerability affects on-premise versions of GravityZone Console before version 6.38.1-2.
LockBit Claims 33 TB of US Federal Reserve Data
Indonesia’s National data center compromised, $8M ransom demand
ESET Issues Security Patch for Privilege Escalation Flaw
Hacker offer zero-day RCE exploit of Atlassian Jira for Sale
US bans Kaspersky software over Russia ties
China-linked spies target Asian Telcos since 2021
Azad selected expert reviewer for CISA Review Manual 28th Edition
Attackers Target AWS Vaults, Buckets, and Secrets
CISA released Guidance for Modern Approaches to Network Access Security
CISA Releases One Industrial Control Systems Advisory
The problem is a flaw in the host whitelist parser of the proxy service. An attacker could exploit this flaw to manipulate server requests, causing unintended actions or leaking sensitive information. These vulnerabilities are very dangerous as they can bypass security controls and allow unauthorized access to internal systems.
Bitdefender has fixed the issue with an automatic update to version 6.38.1-2 of the GravityZone Console On-Premise. Users with affected versions should update to avoid potential risks from this vulnerability.
