Input validation

2021-06-2215:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.5%

JSON

Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29.

CPENameOperatorVersion
antivirus_pluslt25.0.7.29
internet_securitylt25.0.7.29
total_securitylt25.0.7.29

Name	Operator	Version
antivirus_plus	lt	25.0.7.29
internet_security	lt	25.0.7.29
total_security	lt	25.0.7.29

References

www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957