Deserialization of Untrusted Data in GravityZone Console (VA-10573)

Publication date: September 5th, 2022

CVSS scrore:
8.8 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected vendors:
Affected products:
Bitdefender GravityZone Console On-Premise, Bitdefender GravityZone Cloud Console
Vulnerability details:

Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment.

This issue affects:

Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1.
Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2.

Additional details:
An automatic update to the following software versions fixes the issue: Bitdefender GravityZone Console On-Premise version 6.29.2-1. Bitdefender GravityZone Cloud Console version 6.27.2-2.