From 0cb44df6c834d4031d4a8e2831c497434df735aa Mon Sep 17 00:00:00 2001 From: bogdanbotezatu Date: Mon, 22 Jun 2020 12:29:45 +0300 Subject: [PATCH] Adding information for CVE-2020-8102 --- 2020/8xxx/CVE-2020-8102.json | 95 +++++++++++++++++++++++++++++++++--- 1 file changed, 89 insertions(+), 6 deletions(-) diff --git a/2020/8xxx/CVE-2020-8102.json b/2020/8xxx/CVE-2020-8102.json index 801f60fa6af..a08d5add1ad 100644 --- a/2020/8xxx/CVE-2020-8102.json +++ b/2020/8xxx/CVE-2020-8102.json @@ -1,18 +1,101 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-requests@bitdefender.com", + "DATE_PUBLIC": "2020-06-22T14:00:00.000Z", "ID": "CVE-2020-8102", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Insufficient URL sanitization and validation in Safepay Browser (VA-8631)" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bitdefender Total Security 2020", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "24.0.20.116" + } + ] + } + } + ] + }, + "vendor_name": "Bitdefender" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Wladimir Palant" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process.\nThis issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://www.bitdefender.com/support/security-advisories/insufficient-url-sanitization-validation-safepay-browser-va-8631/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "An automatic update to product version 24.0.20.116 or later fixes the issue." + } + ], + "source": { + "defect": [ + "VA-8631" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file