URL Spoofing Vulnerability in Bitdefender SafePay (VA-8958)

Publication date: December 14th, 2020

CVE ID:

CVE-2020-15733

CVSS scrore:

6.5 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected vendors:

Bitdefender

Affected products:

Bitdefender Antivirus Plus

Vulnerability details:

An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar. This issue affects Bitdefender Antivirus Plus versions prior to 25.0.7.29.

Additional details:

An automatic update in version 25.0.7.29 of Bitdefender Antivirus Plus fixes the issue.

Credit:

@imnaredrabhati