Back

Deserialization of Untrusted Data in GravityZone Console (VA-10573)

Publication date: September 5th, 2022

CVE ID:

CVE-2022-2830

CVSS scrore:

8.8 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected vendors:

Bitdefender

Affected products:

Bitdefender GravityZone Console On-Premise, Bitdefender GravityZone Cloud Console

Vulnerability details:

Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment.

This issue affects:

Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1.
Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2.

Additional details:

An automatic update to the following software versions fixes the issue: Bitdefender GravityZone Console On-Premise version 6.29.2-1. Bitdefender GravityZone Cloud Console version 6.27.2-2.