Auto-merge PR#4132

2025-08-04 08:44:25 +00:00 · 2020-06-22 05:35:19 -04:00 · 2020-06-22 05:35:19 -04:00 · ced73f2e9d
commit ced73f2e9d
parent 7b555cd708 0cb44df6c8
1 changed files with 89 additions and 6 deletions
--- a/2020/8xxx/CVE-2020-8102.json
+++ b/2020/8xxx/CVE-2020-8102.json
@ -1,18 +1,101 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "cve-requests@bitdefender.com",
+        "DATE_PUBLIC": "2020-06-22T14:00:00.000Z",
        "ID": "CVE-2020-8102",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Insufficient URL sanitization and validation in Safepay Browser (VA-8631)"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Bitdefender Total Security 2020",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_value": "24.0.20.116"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Bitdefender"
+                }
+            ]
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "Wladimir Palant"
+        }
+    ],
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process.\nThis issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116."
            }
        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "HIGH",
+            "baseScore": 8.8,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "NONE",
+            "scope": "UNCHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-20 Improper Input Validation"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://www.bitdefender.com/support/security-advisories/insufficient-url-sanitization-validation-safepay-browser-va-8631/"
+            }
+        ]
+    },
+    "solution": [
+        {
+            "lang": "eng",
+            "value": "An automatic update to product version 24.0.20.116 or later fixes the issue."
+        }
+    ],
+    "source": {
+        "defect": [
+            "VA-8631"
+        ],
+        "discovery": "EXTERNAL"
    }
 }