{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63628?format=json","vulnerability_id":"VCID-3hwm-tgg3-dbdw","summary":"An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component: \n\nBitdefender Endpoint Security for Linux version 7.0.5.200089\nBitdefender Endpoint Security for  Windows version 7.9.9.380\nGravityZone Control Center (On Premises) version 6.36.1","aliases":[{"alias":"CVE-2024-2223"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/","reference_id":"incorrect-regular-expression-in-gravityzone-update-server-va-11465","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-08-12T15:13:14Z/"}],"url":"https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/"}],"weaknesses":[{"cwe_id":185,"name":"Incorrect Regular Expression","description":"The product specifies a regular expression in a way that causes data to be improperly matched or compared."}],"exploits":[],"severity_range_score":"8.1 - 8.1","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3hwm-tgg3-dbdw"}