Opswat Metadefender vulnerabilities
4 known vulnerabilities affecting opswat/metadefender.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-32272P2CRITICALCVSS 9.8PoCfixed in 5.1.22022-06-09
CVE-2022-32272 [CRITICAL] CWE-269 CVE-2022-32272: OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gatew
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.
nvd
CVE-2018-16275P4HIGHCVSS 7.8fixed in 4.11.22018-08-31
CVE-2018-16275 [HIGH] CWE-1236 CVE-2018-16275: OPSWAT MetaDefender before v4.11.2 allows CSV injection.
OPSWAT MetaDefender before v4.11.2 allows CSV injection.
nvd
CVE-2022-40778P4MEDIUMCVSS 5.4fixed in 4.13.02022-09-19
CVE-2022-40778 [MEDIUM] CWE-79 CVE-2022-40778: A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 a
A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.
nvd
CVE-2022-32273P4MEDIUMCVSS 4.3fixed in 5.1.22022-06-08
CVE-2022-32273 [MEDIUM] CWE-203 CVE-2022-32273: As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) bef
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server.
nvd