CVE-2021-3552: 
Bitdefender Endpoint Security Tools vulnerability analysis and mitigation

A Server-Side Request Forgery (SSRF) vulnerability (CVE-2021-3552) was identified in the EPPUpdateService component of Bitdefender Endpoint Security Tools. The vulnerability allows attackers to proxy requests to the relay server. This affects Bitdefender Endpoint Security Tools versions prior to 6.6.27.390 and versions prior to 7.1.2.33, as well as Bitdefender GravityZone 6.24.1-1 (NVD, AttackerKB).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability can be exploited remotely with low attack complexity, requires no privileges or user interaction, and primarily impacts confidentiality. The weakness has been categorized as CWE-918 (Server-Side Request Forgery) (NVD).

The SSRF vulnerability allows unauthorized access to potentially sensitive information through proxied requests to the relay server. The high confidentiality impact rating suggests that the vulnerability could lead to significant unauthorized information disclosure (NVD).

Bitdefender has released patches to address this vulnerability. Users should upgrade Bitdefender Endpoint Security Tools to version 6.6.27.390 or later, or version 7.1.2.33 or later. For GravityZone, users should upgrade to a version newer than 6.24.1-1 (NVD).