Back

URL Spoofing Vulnerability in Bitdefender SafePay (VA-8958)

Publication date: December 14th, 2020


CVE ID:
CVE-2020-15733
CVSS scrore:
6.5 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected vendors:
Bitdefender
Affected products:
Bitdefender Antivirus Plus
Vulnerability details:

An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects Bitdefender Antivirus Plus versions prior to 25.0.7.29.

Additional details:
An automatic update in version 25.0.7.29 of Bitdefender Antivirus Plus fixes the issue.
Credit:
@imnaredrabhati