CVE-2022-2830 HIGH

CVE-2022-2830: Deserialization of Untrusted Data in GravityZone Console On-Premise (VA-10573)

Vendor Bitdefender

Product GravityZone Console On-Premise

Weakness CWE-502 · Unsafe deserialization

Published September 5, 2022

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2.

Key dates

02Disclosure timeline

September 5, 2022 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-2830 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

Identifiers

CVE CVE-2022-2830

CWE CWE-502

CVSS 8.8 / HIGH

Affected versions

Vendor Bitdefender

Product GravityZone Console On-Premise

Affected ≥ unspecified and < 6.29.2-1

Vendor Bitdefender

Product GravityZone Cloud Console

Affected ≥ unspecified and < 6.27.2-2

CVE-2022-2830: Deserialization of Untrusted Data in GravityZone Console On-Premise (VA-10573)

01Description

02Disclosure timeline

03References

04Related CVE