Vulnerability Description
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opswat | Metadefender | < 5.1.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/171549/OPSWAT-Metadefender-Core-4.21.1-Priv
- https://docs.opswat.com/mdcore/release-notesRelease NotesVendor Advisory
- https://docs.opswat.com/mdemail/release-notes
- https://docs.opswat.com/mdemail/release-notes/version-5-6-1
- https://docs.opswat.com/mdicap/release-notes
- https://docs.opswat.com/mdicap/release-notes/version-4-12-1
- https://opswat.comProduct
- http://packetstormsecurity.com/files/171549/OPSWAT-Metadefender-Core-4.21.1-Priv
- https://docs.opswat.com/mdcore/release-notesRelease NotesVendor Advisory
- https://docs.opswat.com/mdemail/release-notes
- https://docs.opswat.com/mdemail/release-notes/version-5-6-1
- https://docs.opswat.com/mdicap/release-notes
- https://docs.opswat.com/mdicap/release-notes/version-4-12-1
- https://opswat.comProduct
FAQ
What is CVE-2022-32272?
CVE-2022-32272 is a vulnerability with a CVSS score of 9.8 (CRITICAL). OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.
How severe is CVE-2022-32272?
CVE-2022-32272 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-32272?
Check the references section above for vendor advisories and patch information. Affected products include: Opswat Metadefender.