{"cve":{"cve_id":"CVE-2019-17099","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00652,"epss_percentile":0.46401,"epss_as_of":"2026-06-23","description":"An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163.","published_at":"2020-01-27T17:23:06.763000Z","last_modified_at":null,"cvss_v3_score":5.3,"cvss_v3_vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-426"],"nvd_references":["https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:12:21.310944Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"L","value_label":"Low"},{"metric":"A","name":"Availability","value":"L","value_label":"Low"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"bitdefender","vendor_name":"Bitdefender","product_slug":"epsecurityservice.exe","product_name":"EPSecurityService.exe","version_start":"6.6.11.162 and prior","version_start_inclusive":true,"version_end":"6.6.11.162 and prior","version_end_inclusive":true,"cpe23_uri":"cve5:bitdefender:epsecurityservice.exe:6.6.11.162 and prior:6.6.11.162 and prior"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500/","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2020-01-27T17:23:06.763000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T16:59:57.779798Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T16:59:57.779798Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T16:59:57.779798Z","label":"CVSS score revised","source":"cvelistv5"}]}