CVE-2022-2830

Published Sep 5, 2022

Last updated 6 months ago

CVSS high 8.8

Overview

Description: Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2.
Source: cve-requests@bitdefender.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

cve-requests@bitdefender.com: CWE-502

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bitdefender:gravityzone:*:*:*:*:cloud:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "973C0CA3-5E63-4375-823D-B3FF934F0819",
            "versionEndExcluding": "6.27.2-2"
          },
          {
            "criteria": "cpe:2.3:a:bitdefender:gravityzone:*:*:*:*:on-premise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EF8A286-8C5E-462F-A4E2-A7FD59B1C794",
            "versionEndExcluding": "6.29.2-1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References