CVE-2020-15279 MEDIUM

CVE-2020-15279: Scanning exclusion paths disclosure in BEST for Windows

Vendor Bitdefenderd

Product Endpoint Security Tools for Windows

Weakness CWE-284

Published May 18, 2021

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

4.0/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research.

Key dates

02Disclosure timeline

May 18, 2021 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-15279 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2020-15279

CWE CWE-284

CVSS 4.0 / MEDIUM

Affected versions