An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall password protection. An unauthorized user with sudo privileges can manually remove the application directory (/Applications/Endpoint Security for Mac.app/) and the related directories within /Library/Bitdefender/AVP without needing the uninstall password.
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XBitdefender Endpoint Security
APPBitdefender< 7.20.52.200087
Related vulnerabilities
An Incorrect Regular Expression vulnerability in Bitdefender GravityZone Update Server allows an attacker to c...
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServ...
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender En...
Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process ...
Stored XSS w Psono Client / Bitdefender SecurePass via złośliwe URL w magazynie haseł