CVE-2022-2830

Deserialization of Untrusted Data in GravityZone Console On-Premise (VA-10573)

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2.

Una vulnerabilidad de Deserialización de Datos No Confiables en el componente de procesamiento de mensajes de Bitdefender GravityZone Console permite a un atacante pasar comandos no seguros al entorno. Este problema afecta a: Bitdefender GravityZone Console On-Premise versiones anteriores a 6.29.2-1. Bitdefender GravityZone Cloud Console versiones anteriores a 6.27.2-2

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-08-16 CVE Reserved
2022-09-05 CVE Published
2024-09-16 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-502: Deserialization of Untrusted Data

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.bitdefender.com/support/security-advisories/deserialization-of-untrusted-data-in-gravityzone-console-va-10573	2022-09-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Bitdefender Search vendor "Bitdefender"		Gravityzone Search vendor "Bitdefender" for product "Gravityzone"				< 6.27.2-2 Search vendor "Bitdefender" for product "Gravityzone" and version " < 6.27.2-2"		cloud		Affected
Bitdefender Search vendor "Bitdefender"		Gravityzone Search vendor "Bitdefender" for product "Gravityzone"				< 6.29.2-1 Search vendor "Bitdefender" for product "Gravityzone" and version " < 6.29.2-1"		on-premise		Affected