Back

Scanning exclusion paths disclosure in BEST for Windows (VA-9380)

Publication date: May 18th, 2021

CVE ID:

CVE-2020-15279

CVSS scrore:

4.0 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected vendors:

Bitdefender

Affected products:

Bitdefender Endpoint Security Tools for Windows

Vulnerability details:

An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows allows a regular user to learn the scanning exclusion paths. This issue affects Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320.

Additional details:

An automatic update to version 6.6.23.320 fixes the issue.