Vulnerabilities > CVE-2022-28795 - Unspecified vulnerability in Avira Password Manager

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

avira

NVD

Published: 2022-04-12

Updated: 2024-11-21

Summary

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari.

Vulnerable Configurations

Part	Description	Count
Application	Avira Avira Password Manager 2.18.4.3847 Avira Password Manager 2.18.4.38471 Avira Password Manager 2.18.4 Avira Password Manager 2.18.4.3868	5

References

https://support.norton.com/sp/static/external/tools/security-advisories.html
https://support.norton.com/sp/static/external/tools/security-advisories.html