Vulnerabilites related to Bitdefender - GravityZone Cloud Console
CVE-2022-2830 (GCVE-0-2022-2830)
Vulnerability from cvelistv5
Published
2022-09-05 11:55
Modified
2024-09-16 19:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Bitdefender | GravityZone Console On-Premise |
Version: unspecified < 6.29.2-1 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:58.722Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/support/security-advisories/deserialization-of-untrusted-data-in-gravityzone-console-va-10573"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GravityZone Console On-Premise",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "6.29.2-1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "GravityZone Cloud Console",
"vendor": "Bitdefender",
"versions": [
{
"lessThan": "6.27.2-2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T11:55:16",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/support/security-advisories/deserialization-of-untrusted-data-in-gravityzone-console-va-10573"
}
],
"solutions": [
{
"lang": "en",
"value": "An automatic update to the following software versions fixes the issue:\n\nBitdefender GravityZone Console On-Premise version 6.29.2-1.\nBitdefender GravityZone Cloud Console version 6.27.2-2."
}
],
"source": {
"defect": [
"VA-10573"
],
"discovery": "EXTERNAL"
},
"title": "Deserialization of Untrusted Data in GravityZone Console On-Premise (VA-10573)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2022-09-04T21:00:00.000Z",
"ID": "CVE-2022-2830",
"STATE": "PUBLIC",
"TITLE": "Deserialization of Untrusted Data in GravityZone Console On-Premise (VA-10573)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GravityZone Console On-Premise",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.29.2-1"
}
]
}
},
{
"product_name": "GravityZone Cloud Console",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.27.2-2"
}
]
}
}
]
},
"vendor_name": "Bitdefender"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/support/security-advisories/deserialization-of-untrusted-data-in-gravityzone-console-va-10573",
"refsource": "MISC",
"url": "https://www.bitdefender.com/support/security-advisories/deserialization-of-untrusted-data-in-gravityzone-console-va-10573"
}
]
},
"solution": [
{
"lang": "en",
"value": "An automatic update to the following software versions fixes the issue:\n\nBitdefender GravityZone Console On-Premise version 6.29.2-1.\nBitdefender GravityZone Cloud Console version 6.27.2-2."
}
],
"source": {
"defect": [
"VA-10573"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2022-2830",
"datePublished": "2022-09-05T11:55:16.262762Z",
"dateReserved": "2022-08-16T00:00:00",
"dateUpdated": "2024-09-16T19:00:51.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}