Back

Insufficient URL sanitization and validation in Safepay Browser (VA-8631)

Publication date: June 22nd, 2020

CVE ID:

CVE-2020-8102

CVSS scrore:

8.8 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected vendors:

Bitdefender

Affected products:

Bitdefender SafePay

Vulnerability details:

Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116.

Additional details:

An automatic update to product version 24.0.20.116 or later fixes the issue.

Credit:

Wladimir Palant