Lucene search

[email protected]NVD:CVE-2020-15733

HistoryDec 14, 2020 - 5:15 p.m.

CVE-2020-15733

2020-12-1417:15:11

CWE-346

[email protected]

web.nvd.nist.gov

cve-2020-15733

safepay component

web resource misrepresentation

url bar

bitdefender antivirus plus

version 25.0.7.29.

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

56.3%

JSON

An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects: Bitdefender Antivirus Plus versions prior to 25.0.7.29.

Affected configurations

Nvd

Node

bitdefenderantivirus_plusRange<25.0.7.29

VendorProductVersionCPE
bitdefenderantivirus_plus*cpe:2.3:a:bitdefender:antivirus_plus:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bitdefender	antivirus_plus	*	cpe:2.3:a:bitdefender:antivirus_plus::::::::

References

www.bitdefender.com/support/security-advisories/url-spoofing-vulnerability-bitdefender-safepay-va-8958

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

56.3%

JSON

Related for NVD:CVE-2020-15733

cve1 cvelist1 prion1