{"cve":{"cve_id":"CVE-2024-2224","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00731,"epss_percentile":0.49496,"epss_as_of":"2026-06-23","description":"Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: \n\nBitdefender Endpoint Security for Linux version 7.0.5.200089\nBitdefender Endpoint Security for  Windows version 7.9.9.380\nGravityZone Control Center (On Premises) version 6.36.1\n","published_at":"2024-04-09T13:01:47.416000Z","last_modified_at":null,"cvss_v3_score":8.1,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"poc","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-22"],"nvd_references":["https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-11466/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:56:44.112925Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"bitdefender","vendor_name":"Bitdefender","product_slug":"endpoint-security-for-linux","product_name":"Endpoint Security for Linux","version_start":"7.0.5.200089","version_start_inclusive":true,"version_end":"7.0.5.200089","version_end_inclusive":true,"cpe23_uri":"cve5:bitdefender:endpoint-security-for-linux:7.0.5.200089:7.0.5.200089"},{"vendor_slug":"bitdefender","vendor_name":"Bitdefender","product_slug":"endpoint-security-for-windows","product_name":"Endpoint Security for Windows","version_start":"7.9.9.380","version_start_inclusive":true,"version_end":"7.9.9.380","version_end_inclusive":true,"cpe23_uri":"cve5:bitdefender:endpoint-security-for-windows:7.9.9.380:7.9.9.380"},{"vendor_slug":"bitdefender","vendor_name":"Bitdefender","product_slug":"gravityzone-control-center-on-premises","product_name":"GravityZone Control Center (On Premises)","version_start":"6.36.1","version_start_inclusive":true,"version_end":"6.36.1","version_end_inclusive":true,"cpe23_uri":"cve5:bitdefender:gravityzone-control-center-on-premises:6.36.1:6.36.1"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-11466/","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2024-04-09T13:01:47.416000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:35:09.404088Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:35:09.404088Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:35:09.404088Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:56:44.112925Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:56:44.112925Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:56:44.112925Z","label":"SSVC decision revised","source":"vulnrichment"}]}