Gravityzone Console
Approved changes feed: RSS · Atom
cpe:2.3:a:bitdefender:gravityzone_console:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Bitdefender (d5582d91-5be9-5b61-8324-642705c220ed) |
|---|---|
| Product | Gravityzone Console (0a073fe9-65de-595b-b716-3453a6eb7aae) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-2244 |
vulnerable | 2026-06-03 15:00:25.013446 |
Insecure PHP deserialization issue in GravityZone Console (VA-12634)
A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write, and gain arbitrary command execution on the host system.
Published: 2025-04-04T09:52:48.684Z
Updated: 2025-04-04T14:26:11.160Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-2243 |
vulnerable | 2026-06-03 15:00:25.011306 |
SSRF in GravityZone Console via DNS Truncation (VA-12634)
A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue affects GravityZone Console: before 6.41.2.1.
Published: 2025-04-04T09:53:25.476Z
Updated: 2025-04-04T14:21:05.194Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.