CVE-2022-32272

Published: Jun 9, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.

Affected (1)

Products: Opswat: Metadefender

Opswat

1 product

Metadefender

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opswat Metadefender	Before 5.1.2

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (14)

http://packetstormsecurity.com/files/171549/OPSWAT-Metadefender-Core-4.21.1-Privilege-Escalation.html

Source: cve@mitre.org

https://docs.opswat.com/mdcore/release-notes

Source: cve@mitre.org

Release NotesVendor Advisory

https://docs.opswat.com/mdemail/release-notes

Source: cve@mitre.org

https://docs.opswat.com/mdemail/release-notes/version-5-6-1

Source: cve@mitre.org

https://docs.opswat.com/mdicap/release-notes

Source: cve@mitre.org

https://docs.opswat.com/mdicap/release-notes/version-4-12-1

Source: cve@mitre.org

https://opswat.com

Source: cve@mitre.org

Product

http://packetstormsecurity.com/files/171549/OPSWAT-Metadefender-Core-4.21.1-Privilege-Escalation.html