CVE-2020-15734

Same-origin policy vulnerability in Bitdefender Safepay

CVSS 5.5 MEDIUMEPSS 0.2%CWE-346

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

12 Apr 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser's file upload capability into accessing other files in the same directory or sub-directories. This issue affects: Bitdefender Safepay versions prior to 25.0.7.29.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Bitdefender · Safepay

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.bitdefender.com/support/security-advisories/origin-policy-vulnerability-bitdefender-safepay/