CVE-2020-15732

Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29.

Published: Jun 22, 2021
Updated: Apr 13, 2023
CVE: CVE-2020-15732
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
bitdefender / antivirus_plus	-	25.0.7.29
bitdefender / total_security	-	25.0.7.29
bitdefender / internet_security	-	25.0.7.29

https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-bitdefender-total-security-va-8957

Vulnerability Database

289,697

CVE-2020-15732