CVE-2022-32272

high-risk
Published 2022-06-09

OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.

Do I need to act?

!
21.2% chance of exploitation in next 30 days
EPSS score — higher than 79% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
51113
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Metadefender

Affected Vendors

Opswat

References (14)

http://packetstormsecurity.com/files/171549/OPSWAT-Metadefender-Core-4.21.1-Priv...
Release Notes https://docs.opswat.com/mdcore/release-notes
https://docs.opswat.com/mdemail/release-notes
https://docs.opswat.com/mdemail/release-notes/version-5-6-1
https://docs.opswat.com/mdicap/release-notes
https://docs.opswat.com/mdicap/release-notes/version-4-12-1
Product https://opswat.com
http://packetstormsecurity.com/files/171549/OPSWAT-Metadefender-Core-4.21.1-Priv...
Release Notes https://docs.opswat.com/mdcore/release-notes
https://docs.opswat.com/mdemail/release-notes
https://docs.opswat.com/mdemail/release-notes/version-5-6-1
https://docs.opswat.com/mdicap/release-notes
https://docs.opswat.com/mdicap/release-notes/version-4-12-1
Product https://opswat.com
51
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 14/34 · Moderate
Exposure 5/34 · Minimal