Vulnerabilites related to bitdefender - endpoint_security
Vulnerability from fkie_nvd
Published
2020-08-30 21:15
Modified
2024-11-21 05:38
Severity ?
8.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitdefender | endpoint_security | * | |
| bitdefender | endpoint_security_tools | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitdefender:endpoint_security:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D462FB12-775E-4D7A-9CD7-929C3433A24A",
"versionEndExcluding": "6.6.18.261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:endpoint_security_tools:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "21ACEF66-8196-4BCC-B43E-F84152E40323",
"versionEndExcluding": "6.6.18.261",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product\u0027s security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autenticaci\u00f3n inapropiada en Bitdefender Endpoint Security Tools para Windows y Bitdefender Endpoint Security SDK, permite a un atacante local no privilegiado escalar privilegios o alterar la configuraci\u00f3n de seguridad del producto. Este problema afecta a: Bitdefender Endpoint Security Tools para Windows versiones anteriores a 6.6.18.261. Este problema afecta a: Bitdefender Endpoint Security Tools para Windows versiones anteriores a 6.6.18.261. Bitdefender Endpoint Security SDK versiones anteriores a 6.6.18.261"
}
],
"id": "CVE-2020-8097",
"lastModified": "2024-11-21T05:38:17.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-30T21:15:11.767",
"references": [
{
"source": "cve-requests@bitdefender.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/improper-authentication-vulnerability-bitdefender-endpoint-security-tools-endpoint-security-sdk-va-8646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/improper-authentication-vulnerability-bitdefender-endpoint-security-tools-endpoint-security-sdk-va-8646"
}
],
"sourceIdentifier": "cve-requests@bitdefender.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-03 12:15
Modified
2024-11-21 05:38
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitdefender | endpoint_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitdefender:endpoint_security:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8975E4C2-E5B3-43C3-92FD-7B20E94667D3",
"versionEndExcluding": "4.12.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Autenticaci\u00f3n Inapropiada en Bitdefender Endpoint Security para Mac, permite a un proceso no privilegiado reiniciar el servicio principal y potencialmente inyectar c\u00f3digo de terceros a un proceso confiable. Este problema afecta a: Bitdefender Endpoint Security para Mac versiones anteriores a 4.12.80"
}
],
"id": "CVE-2020-8108",
"lastModified": "2024-11-21T05:38:18.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-03T12:15:11.550",
"references": [
{
"source": "cve-requests@bitdefender.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/insufficient-client-validation-bitdefender-endpoint-security-mac-va-8759/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/insufficient-client-validation-bitdefender-endpoint-security-mac-va-8759/"
}
],
"sourceIdentifier": "cve-requests@bitdefender.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 13:15
Modified
2025-02-07 19:00
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:
Bitdefender Endpoint Security for Linux version 7.0.5.200089
Bitdefender Endpoint Security for Windows version 7.9.9.380
GravityZone Control Center (On Premises) version 6.36.1
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitdefender | endpoint_security | 7.0.5.200089 | |
| bitdefender | endpoint_security | 7.9.9.380 | |
| bitdefender | gravityzone_control_center | 6.36.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitdefender:endpoint_security:7.0.5.200089:*:*:*:*:linux:*:*",
"matchCriteriaId": "AAB89966-3C21-4B7D-AC06-852112583783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:endpoint_security:7.9.9.380:*:*:*:*:windows:*:*",
"matchCriteriaId": "D1F56724-5FFE-414B-95D1-96351A0F9686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:gravityzone_control_center:6.36.1:*:*:*:on_premises:*:*:*",
"matchCriteriaId": "75899627-A80E-49B6-9EBA-433DF7F2BE37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:\u00a0\n\nBitdefender Endpoint Security for Linux version 7.0.5.200089\nBitdefender Endpoint Security for\u00a0 Windows version 7.9.9.380\nGravityZone Control Center (On Premises) version 6.36.1\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de expresi\u00f3n regular incorrecta en Bitdefender GravityZone Update Server permite a un atacante provocar Server Side Request Forgery y reconfigurar el rel\u00e9. Este problema afecta a los siguientes productos que incluyen el componente vulnerable: Bitdefender Endpoint Security para Linux versi\u00f3n 7.0.5.200089 Bitdefender Endpoint Security para Windows versi\u00f3n 7.9.9.380 GravityZone Control Center (On Premises) versi\u00f3n 6.36.1"
}
],
"id": "CVE-2024-2223",
"lastModified": "2025-02-07T19:00:24.650",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-09T13:15:33.057",
"references": [
{
"source": "cve-requests@bitdefender.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/"
}
],
"sourceIdentifier": "cve-requests@bitdefender.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-185"
}
],
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-09 13:15
Modified
2025-02-07 18:53
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component:
Bitdefender Endpoint Security for Linux version 7.0.5.200089
Bitdefender Endpoint Security for Windows version 7.9.9.380
GravityZone Control Center (On Premises) version 6.36.1
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bitdefender | endpoint_security | 7.0.5.200089 | |
| bitdefender | endpoint_security | 7.9.9.380 | |
| bitdefender | gravityzone_control_center | 6.36.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bitdefender:endpoint_security:7.0.5.200089:*:*:*:*:linux:*:*",
"matchCriteriaId": "AAB89966-3C21-4B7D-AC06-852112583783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:endpoint_security:7.9.9.380:*:*:*:*:windows:*:*",
"matchCriteriaId": "D1F56724-5FFE-414B-95D1-96351A0F9686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bitdefender:gravityzone_control_center:6.36.1:*:*:*:on_premises:*:*:*",
"matchCriteriaId": "75899627-A80E-49B6-9EBA-433DF7F2BE37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u2018Path Traversal\u2019) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: \n\nBitdefender Endpoint Security for Linux version 7.0.5.200089\nBitdefender Endpoint Security for Windows version 7.9.9.380\nGravityZone Control Center (On Premises) version 6.36.1\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"Path Traversal\") en el componente UpdateServer de Bitdefender GravityZone permite a un atacante ejecutar c\u00f3digo arbitrario en instancias vulnerables. Este problema afecta a los siguientes productos que incluyen el componente vulnerable: Bitdefender Endpoint Security para Linux versi\u00f3n 7.0.5.200089 Bitdefender Endpoint Security para Windows versi\u00f3n 7.9.9.380 GravityZone Control Center (On Premises) versi\u00f3n 6.36.1"
}
],
"id": "CVE-2024-2224",
"lastModified": "2025-02-07T18:53:18.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-09T13:15:33.357",
"references": [
{
"source": "cve-requests@bitdefender.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-11466/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-11466/"
}
],
"sourceIdentifier": "cve-requests@bitdefender.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "cve-requests@bitdefender.com",
"type": "Primary"
}
]
}
CVE-2020-8108 (GCVE-0-2020-8108)
Vulnerability from cvelistv5
Published
2020-08-03 11:55
Modified
2024-09-16 17:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bitdefender | Endpoint Security for Mac |
Version: unspecified < 4.12.80 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/insufficient-client-validation-bitdefender-endpoint-security-mac-va-8759/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Endpoint Security for Mac",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "4.12.80",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ricardo Ungureanu"
}
],
"datePublic": "2020-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-03T11:55:14",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/insufficient-client-validation-bitdefender-endpoint-security-mac-va-8759/"
}
],
"solutions": [
{
"lang": "en",
"value": "Version 4.12.80 of Bitdefender Endpoint Endpoint Security for Mac mitigates this issue. Customers running Endpoint Security for Mac have received an automatic update that fixes the issue."
}
],
"source": {
"defect": [
"VA-8759"
],
"discovery": "INTERNAL"
},
"title": "Insufficient client validation in Bitdefender Endpoint Security for Mac (VA-8759)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-08-03T13:00:00.000Z",
"ID": "CVE-2020-8108",
"STATE": "PUBLIC",
"TITLE": "Insufficient client validation in Bitdefender Endpoint Security for Mac (VA-8759)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Endpoint Security for Mac",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.12.80"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ricardo Ungureanu"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/insufficient-client-validation-bitdefender-endpoint-security-mac-va-8759/",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/insufficient-client-validation-bitdefender-endpoint-security-mac-va-8759/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Version 4.12.80 of Bitdefender Endpoint Endpoint Security for Mac mitigates this issue. Customers running Endpoint Security for Mac have received an automatic update that fixes the issue."
}
],
"source": {
"defect": [
"VA-8759"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2020-8108",
"datePublished": "2020-08-03T11:55:14.875995Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-16T17:43:54.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2224 (GCVE-0-2024-2224)
Vulnerability from cvelistv5
Published
2024-04-09 13:01
Modified
2024-08-01 19:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component:
Bitdefender Endpoint Security for Linux version 7.0.5.200089
Bitdefender Endpoint Security for Windows version 7.9.9.380
GravityZone Control Center (On Premises) version 6.36.1
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Bitdefender | GravityZone Control Center (On Premises) |
Version: 6.36.1 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bitdefender:gravityzone:6.36.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gravityzone",
"vendor": "bitdefender",
"versions": [
{
"status": "affected",
"version": "6.36.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:bitdefender:endpoint_security_for_windows:7.9.9.380:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "endpoint_security_for_windows",
"vendor": "bitdefender",
"versions": [
{
"status": "affected",
"version": "7.9.9.380"
}
]
},
{
"cpes": [
"cpe:2.3:a:bitdefender:endpoint_security_for_linux:70.5.200089:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "endpoint_security_for_linux",
"vendor": "bitdefender",
"versions": [
{
"status": "affected",
"version": "70.5.200089"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2224",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T14:18:06.302656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T18:37:44.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:39.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-11466/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GravityZone Control Center (On Premises)",
"vendor": "Bitdefender",
"versions": [
{
"status": "affected",
"version": "6.36.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Endpoint Security for Windows",
"vendor": "Bitdefender",
"versions": [
{
"status": "affected",
"version": "7.9.9.380"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Endpoint Security for Linux",
"vendor": "Bitdefender",
"versions": [
{
"status": "affected",
"version": "7.0.5.200089"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nicolas VERDIER -- n1nj4sec"
}
],
"datePublic": "2024-03-11T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper Limitation of a Pathname to a Restricted Directory (\u2018Path Traversal\u2019) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: \u003cbr\u003e\u003cbr\u003eBitdefender Endpoint Security for Linux version 7.0.5.200089\u003cbr\u003eBitdefender Endpoint Security for Windows version 7.9.9.380\u003cbr\u003eGravityZone Control Center (On Premises) version 6.36.1\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u2018Path Traversal\u2019) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: \n\nBitdefender Endpoint Security for Linux version 7.0.5.200089\nBitdefender Endpoint Security for Windows version 7.9.9.380\nGravityZone Control Center (On Premises) version 6.36.1\n"
}
],
"impacts": [
{
"capecId": "CAPEC-21",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-21: Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T13:01:47.416Z",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"url": "https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-the-gravityzone-productmanager-updateserver-kitsmanager-api-va-11466/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An automatic update to the following versions fixes the issues:\u003cbr\u003e\u003cbr\u003eBitdefender Endpoint Security for Linux version 7.0.5.200090\u003cbr\u003eBitdefender Endpoint Security for Windows version 7.9.9.381\u003cbr\u003eGravityZone Control Center (On Premises) version 6.36.1-1\u003cbr\u003e"
}
],
"value": "An automatic update to the following versions fixes the issues:\n\nBitdefender Endpoint Security for Linux version 7.0.5.200090\nBitdefender Endpoint Security for Windows version 7.9.9.381\nGravityZone Control Center (On Premises) version 6.36.1-1\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-11466)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2024-2224",
"datePublished": "2024-04-09T13:01:47.416Z",
"dateReserved": "2024-03-06T14:44:03.507Z",
"dateUpdated": "2024-08-01T19:03:39.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2223 (GCVE-0-2024-2223)
Vulnerability from cvelistv5
Published
2024-04-09 13:01
Modified
2024-08-12 17:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-185 - Incorrect Regular Expression
Summary
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:
Bitdefender Endpoint Security for Linux version 7.0.5.200089
Bitdefender Endpoint Security for Windows version 7.9.9.380
GravityZone Control Center (On Premises) version 6.36.1
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Bitdefender | GravityZone Control Center (On Premises) |
Version: 6.36.1 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:39.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bitdefender:gravityzone:6.36.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gravityzone",
"vendor": "bitdefender",
"versions": [
{
"status": "affected",
"version": "6.36.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:bitdefender:endpoint_security_for_windows:7.9.9.380:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "endpoint_security_for_windows",
"vendor": "bitdefender",
"versions": [
{
"status": "affected",
"version": "7.9.9.380"
}
]
},
{
"cpes": [
"cpe:2.3:a:bitdefender:endpoint_security_for_linux:7.0.5.200089:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "endpoint_security_for_linux",
"vendor": "bitdefender",
"versions": [
{
"status": "affected",
"version": "7.0.5.200089"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T15:13:14.948905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T17:59:36.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GravityZone Control Center (On Premises)",
"vendor": "Bitdefender",
"versions": [
{
"status": "affected",
"version": "6.36.1"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Endpoint Security for Windows",
"vendor": "Bitdefender",
"versions": [
{
"status": "affected",
"version": "7.9.9.380"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Endpoint Security for Linux",
"vendor": "Bitdefender",
"versions": [
{
"status": "affected",
"version": "7.0.5.200089"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nicolas VERDIER -- n1nj4sec"
}
],
"datePublic": "2024-04-09T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:\u0026nbsp;\u003cbr\u003e\u003cbr\u003eBitdefender Endpoint Security for Linux version 7.0.5.200089\u003cbr\u003eBitdefender Endpoint Security for\u0026nbsp; Windows version 7.9.9.380\u003cbr\u003eGravityZone Control Center (On Premises) version 6.36.1\u003cbr\u003e\u003c/span\u003e"
}
],
"value": "An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to cause a Server Side Request Forgery and reconfigure the relay. This issue affects the following products that include the vulnerable component:\u00a0\n\nBitdefender Endpoint Security for Linux version 7.0.5.200089\nBitdefender Endpoint Security for\u00a0 Windows version 7.9.9.380\nGravityZone Control Center (On Premises) version 6.36.1\n"
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664: Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185: Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T13:01:34.716Z",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"url": "https://www.bitdefender.com/support/security-advisories/incorrect-regular-expression-in-gravityzone-update-server-va-11465/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An automatic update to the following versions fixes the issues:\u003cbr\u003e\u003cbr\u003eBitdefender Endpoint Security for Linux version 7.0.5.200090\u003cbr\u003eBitdefender Endpoint Security for Windows version 7.9.9.381\u003cbr\u003eGravityZone Control Center (On Premises) version 6.36.1-1\u003cbr\u003e"
}
],
"value": "An automatic update to the following versions fixes the issues:\n\nBitdefender Endpoint Security for Linux version 7.0.5.200090\nBitdefender Endpoint Security for Windows version 7.9.9.381\nGravityZone Control Center (On Premises) version 6.36.1-1\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": " Incorrect Regular Expression in GravityZone Update Server (VA-11465)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2024-2223",
"datePublished": "2024-04-09T13:01:34.716Z",
"dateReserved": "2024-03-06T14:44:01.368Z",
"dateUpdated": "2024-08-12T17:59:36.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8097 (GCVE-0-2020-8097)
Vulnerability from cvelistv5
Published
2020-08-30 20:35
Modified
2024-09-17 02:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Bitdefender | Endpoinit Security Tools for Windows |
Version: unspecified < 6.6.18.261 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/improper-authentication-vulnerability-bitdefender-endpoint-security-tools-endpoint-security-sdk-va-8646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Endpoinit Security Tools for Windows",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "6.6.18.261",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Endpoint Security SDK",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "6.6.18.261",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nicolas VERDIER, Senior IT Security Consultant at Tehtris"
}
],
"datePublic": "2020-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product\u0027s security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-30T20:35:15",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/improper-authentication-vulnerability-bitdefender-endpoint-security-tools-endpoint-security-sdk-va-8646"
}
],
"solutions": [
{
"lang": "en",
"value": "An automatic update to Bitdefender Endpoint Security Tools / Bitdefender Endpoint Security SDK version 6.6.18.261 or newer fixes the issue."
}
],
"source": {
"defect": [
"VA-8646"
],
"discovery": "EXTERNAL"
},
"title": "Improper authentication vulnerability in Bitdefender Endpoint Security Tools and Endpoint Security SDK (VA-8646)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2020-08-30T09:00:00.000Z",
"ID": "CVE-2020-8097",
"STATE": "PUBLIC",
"TITLE": "Improper authentication vulnerability in Bitdefender Endpoint Security Tools and Endpoint Security SDK (VA-8646)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Endpoinit Security Tools for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.6.18.261"
}
]
}
},
{
"product_name": "Endpoint Security SDK",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.6.18.261"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nicolas VERDIER, Senior IT Security Consultant at Tehtris"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product\u0027s security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/improper-authentication-vulnerability-bitdefender-endpoint-security-tools-endpoint-security-sdk-va-8646",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/improper-authentication-vulnerability-bitdefender-endpoint-security-tools-endpoint-security-sdk-va-8646"
}
]
},
"solution": [
{
"lang": "en",
"value": "An automatic update to Bitdefender Endpoint Security Tools / Bitdefender Endpoint Security SDK version 6.6.18.261 or newer fixes the issue."
}
],
"source": {
"defect": [
"VA-8646"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2020-8097",
"datePublished": "2020-08-30T20:35:15.822830Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-17T02:51:32.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}