Bitdefender Endpoint Security Tools — known CVE vulnerabilities
Every CVE whose affected-product data names Bitdefender Endpoint Security Tools, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2021-3554 — CVSS 9.0 (critical): Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay…
CVE-2020-8097 — CVSS 8.1 (high): An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an…
CVE-2025-7073 — CVSS 7.8 (high): A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to…
CVE-2021-3576 — CVSS 7.8 (high): Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to…
CVE-2021-3579 — CVSS 7.8 (high): Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint…
CVE-2021-4199 — CVSS 7.8 (high): Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender…
CVE-2022-0677 — CVSS 7.5 (high): Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in…
CVE-2021-3485 — CVSS 6.4 (medium): An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a…
CVE-2021-4198 — CVSS 6.1 (medium): A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security…
CVE-2019-17099 — CVSS 5.3 (medium): An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163…
CVE-2021-3552 — CVSS 5.3 (medium): A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an…
CVE-2021-3553 — CVSS 5.3 (medium): A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use…
CVE-2020-15279 — CVSS 4.0 (medium): An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to…