CVE-2022-2830

Description

Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2.

CVSS breakdown

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Bitdefender / GravityZone Cloud Consoleunspecified – 6.27.2-2
Bitdefender / GravityZone Console On-Premiseunspecified – 6.29.2-1

References

VENDOR_ADVISORYhttps://www.bitdefender.com/support/security-advisories/deserialization-of-untrusted-data-in-gravityzone-console-va-10573