Insufficient URL sanitization and validation in Safepay Browser (VA-8631)
CVE-2020-8102

8.8HIGH

Key Information:

Vendor

Bitdefender

Status
Bitdefender Total Security 2020
Vendor
CVE Published:
22 June 2020

What is CVE-2020-8102?

Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116.

Affected Version(s)

Bitdefender Total Security 2020 < 24.0.20.116

References

https://www.bitdefender.com/support/security-advisories/i...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Wladimir Palant
JSON
.