CVE-2020-8097

EPSS 0.02%
Veröffentlicht 30.08.2020 21:15:11
Zuletzt bearbeitet 21.11.2024 05:38:17
Quelle cve-requests@bitdefender.com
CVE-Watchlists
Login
Unerledigt
Login

An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bitdefender ≫ Endpoint Security SwPlatformwindows Version < 6.6.18.261

Bitdefender ≫ Endpoint Security Tools SwPlatformwindows Version < 6.6.18.261

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.052

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
cve-requests@bitdefender.com	8.1	1.5	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.bitdefender.com/support/security-advisories/improper-authentication-vulnerability-bitdefender-endpoint-security-tools-endpoint-security-sdk-va-8646

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8097

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8097

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8097

EUVD