CVE-2020-8102 HIGH

CVE-2020-8102: Insufficient URL sanitization and validation in Safepay Browser (VA-8631)

Vendor Bitdefender

Product Bitdefender Total Security 2020

Weakness CWE-20 · Input validation

Published June 22, 2020

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116.

Key dates

02Disclosure timeline

June 22, 2020 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-8102 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2020-8102

CWE CWE-20

CVSS 8.8 / HIGH

Affected versions