CVE-2022-28795

Опубликовано: 12 апр. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari.

Ссылки

https://support.norton.com/sp/static/external/tools/security-advisories.html
Third Party Advisory
https://support.norton.com/sp/static/external/tools/security-advisories.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:avira:password_manager:2.18.4:*:*:*:*:safari:*:*

cpe:2.3:a:avira:password_manager:2.18.4.3847:*:*:*:*:edge:*:*

cpe:2.3:a:avira:password_manager:2.18.4.3847:*:*:*:*:opera:*:*

cpe:2.3:a:avira:password_manager:2.18.4.3868:*:*:*:*:chrome:*:*

cpe:2.3:a:avira:password_manager:2.18.4.38471:*:*:*:*:firefox:*:*

EPSS

Процентиль: 60%

0.00391

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-rqq4-vj49-wj54