Vulnerabilities > CVE-2022-28795 - Unspecified vulnerability in Avira Password Manager

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

avira

NVD

Published: 2022-04-12

Updated: 2022-04-20

Summary

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then access this information via JavaScript. The issue was fixed with the browser extensions version 2.18.5 for Chrome, MS Edge, Opera, Firefox, and Safari.

Vulnerable Configurations

Part	Description	Count
Application	Avira Avira Password Manager 2.18.4 Avira Password Manager 2.18.4.3847 Avira Password Manager 2.18.4.3868 Avira Password Manager 2.18.4.38471	5

References

https://support.norton.com/sp/static/external/tools/security-advisories.html