CVE-2020-15734

EPSS 0.02%
Veröffentlicht 12.04.2021 17:15:13
Zuletzt bearbeitet 21.11.2024 05:06:07
Quelle cve-requests@bitdefender.com
CVE-Watchlists
Login
Unerledigt
Login

Same-origin policy vulnerability in Bitdefender Safepay

An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser's file upload capability into accessing other files in the same directory or sub-directories. This issue affects: Bitdefender Safepay versions prior to 25.0.7.29.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bitdefender ≫ Safepay Version < 25.0.7.29

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.038

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
cve-requests@bitdefender.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

https://www.bitdefender.com/support/security-advisories/origin-policy-vulnerability-bitdefender-safepay/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-15734

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15734

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15734

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-15734