Privilege Escalation Vulnerability in OPSWAT MetaDefender Core and Other Products
CVE-2022-32272

9.8CRITICAL

Key Information:

Vendor: Opswat
Status: Metadefender
Vendor: CVE Published:; 9 June 2022

What is CVE-2022-32272?

Certain versions of OPSWAT's MetaDefender Core, ICAP, and Email Gateway Security exhibit incorrect access control mechanisms. This flaw could allow unauthorized users to escalate their privileges, gaining access to restricted functionalities that are typically reserved for admin-level users. It is crucial for organizations using these products to apply updates or mitigation strategies to safeguard against potential exploitation.

References

https://opswat.com

https://docs.opswat.com/mdcore/release-notes

https://docs.opswat.com/mdemail/release-notes

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2022
Vulnerability Reserved
Jun 3, 2022

Opswat

What is CVE-2022-32272?

References

EPSS Score

CVSS V3.1

Timeline