CVE-2020-15732

Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bitdefender:antivirus_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:bitdefender:internet_security:*:*:*:*:*:*:*:*
cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:06

Type Values Removed Values Added
References () https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957 - Vendor Advisory () https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957 - Vendor Advisory
CVSS v2 : 5.0
v3 : 7.5
v2 : 5.0
v3 : 6.5

29 Jun 2021, 13:48

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
References (MISC) https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957 - (MISC) https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957 - Vendor Advisory
CPE cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*
cpe:2.3:a:bitdefender:antivirus_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:bitdefender:internet_security:*:*:*:*:*:*:*:*
CWE CWE-295

22 Jun 2021, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-06-22 15:15

Updated : 2024-11-21 05:06


NVD link : CVE-2020-15732

Mitre link : CVE-2020-15732

CVE.ORG link : CVE-2020-15732


JSON object : View

Products Affected

bitdefender

  • antivirus_plus
  • total_security
  • internet_security
CWE
CWE-295

Improper Certificate Validation