Bitdefender Endpoint Security Tools vulnerabilities
13 known vulnerabilities affecting bitdefender/endpoint_security_tools.
Total CVEs
13
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH9MEDIUM2LOW1
Vulnerabilities
Page 1 of 1
CVE-2021-3554P2CRITICALCVSS 10.0fixed in 6.6.27.390≥ 7.0.0.00, < 7.1.2.332021-11-24
CVE-2021-3554 [CRITICAL] CWE-284 CVE-2021-3554: Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoin
Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdef
nvd
CVE-2021-3553P3HIGHCVSS 7.5fixed in 6.2.21.160≥ 6.6.27.0, < 6.6.27.390+3 more2021-11-24
CVE-2021-3553 [HIGH] CWE-918 CVE-2021-3553: A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint S
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender Unified Endpoint for Linux
nvd
CVE-2021-3552P3HIGHCVSS 7.5fixed in 6.2.21.160≥ 6.6.27.0, < 6.6.27.390+3 more2021-11-24
CVE-2021-3552 [HIGH] CWE-918 CVE-2021-3552: A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions prior to 7.1.2.33. Bitdefender GravityZone 6.24.1-1.
nvd
CVE-2025-7073P3HIGHCVSS 7.8fixed in 7.9.20.5152025-12-10
CVE-2025-7073 [HIGH] CWE-59 CVE-2025-7073: A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.2
A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without proper symbolic link validation, enabling arbitrary file deletion. This is
nvd
CVE-2021-4199P3HIGHCVSS 7.8fixed in 7.4.3.1462022-03-07
CVE-2021-4199 [HIGH] CWE-732 CVE-2021-4199: Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component
Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.
nvd
CVE-2022-0677P3HIGHCVSS 7.5fixed in 6.2.21.171fixed in 7.4.1.1112022-04-07
CVE-2022-0677 [HIGH] CWE-130 CVE-2022-0677: Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of
Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 2
nvd
CVE-2021-3576P3HIGHCVSS 7.8fixed in 7.2.1.65≥ unspecified, < 7.2.1.652021-10-28
CVE-2021-3576 [HIGH] CWE-250 CVE-2021-3576: Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Se
Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security
nvd
CVE-2021-3579P3HIGHCVSS 7.8fixed in 7.2.1.652021-10-28
CVE-2021-3579 [HIGH] CWE-276 CVE-2021-3579: Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe comp
Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefen
nvd
CVE-2020-8097P3HIGHCVSS 7.8fixed in 6.6.18.2612020-08-30
CVE-2020-8097 [HIGH] CWE-287 CVE-2020-8097: An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitd
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects
nvd
CVE-2019-17099P3HIGHCVSS 7.8fixed in 6.6.11.1632020-01-27
CVE-2019-17099 [HIGH] CWE-426 CVE-2019-17099: An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Secu
An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163.
nvd
CVE-2021-3485P3MEDIUMCVSS 6.6fixed in 6.2.21.1552021-05-24
CVE-2021-3485 [MEDIUM] CWE-494 CVE-2021-3485: An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Sec
An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155.
nvd
CVE-2021-4198P4MEDIUMCVSS 6.1fixed in 7.2.2.92≥ unspecified, < 7.2.2.922022-03-07
CVE-2021-4198 [MEDIUM] CWE-476 CVE-2021-4198: A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender T
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29.
nvd
CVE-2020-15279P4LOWCVSS 3.3fixed in 6.6.23.3202021-05-18
CVE-2020-15279 [LOW] CWE-284 CVE-2020-15279: An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security T
An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research.
nvd