Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2024-2223

Incorrect Regular Expression

Published: Apr 09, 2024 | Modified: Feb 07, 2025
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2024-2223
CWEhttps://cwe.mitre.org/data/definitions/185.html

An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: 

Bitdefender Endpoint Security for Linux version 7.0.5.200089 Bitdefender Endpoint Security for  Windows version 7.9.9.380 GravityZone Control Center (On Premises) version 6.36.1

Weakness

The product specifies a regular expression in a way that causes data to be improperly matched or compared.

Affected Software

Name Vendor Start Version End Version
Endpoint_security Bitdefender 7.0.5.200089 (including) 7.0.5.200089 (including)
Endpoint_security Bitdefender 7.9.9.380 (including) 7.9.9.380 (including)
Gravityzone_control_center Bitdefender 6.36.1 (including) 6.36.1 (including)

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use