Vulnerabilities > Bitdefender > Endpoint Security Tools > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-07 | CVE-2022-0677 | Unspecified vulnerability in Bitdefender Endpoint Security Tools, Gravityzone and Update Server Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. | 7.5 |
| 2022-03-07 | CVE-2021-4199 | Incorrect Permission Assignment for Critical Resource vulnerability in Bitdefender products Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. | 7.8 |
| 2021-11-24 | CVE-2021-3552 | Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Endpoint Security Tools and Gravityzone A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. | 7.5 |
| 2021-11-24 | CVE-2021-3553 | Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Endpoint Security Tools and Gravityzone A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. | 7.5 |
| 2021-10-28 | CVE-2021-3576 | Improper Privilege Management vulnerability in Bitdefender Endpoint Security Tools and Total Security Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. | 7.8 |
| 2021-10-28 | CVE-2021-3579 | Incorrect Default Permissions vulnerability in Bitdefender Endpoint Security Tools and Total Security Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. | 7.8 |
| 2020-08-30 | CVE-2020-8097 | Improper Authentication vulnerability in Bitdefender Endpoint Security and Endpoint Security Tools An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. | 7.8 |
| 2020-01-27 | CVE-2019-17099 | Untrusted Search Path vulnerability in Bitdefender Endpoint Security Tools An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. | 7.8 |