HPI-VDB — Database for IT-Attack Analysis


ID: CVE-2022-32272

Last Modified: March 28, 2023

OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.

Twitter Activity

Tweets last week: 0

Remaining steady

Yahoo Activity

Yahoo results: 125000

Remaining steady

EPSS History

Current EPSS Score: 0.00757

Remaining steady

Reddit Activity

Reddit Posts: 1

Remaining steady

Github Repos

Github Repos: 0

Remaining steady

Exploits

Found exploits:

Attack Vector: Network

Attack Complexity: Low

Privileges Required: None

User Interaction: None

Scope: Unchanged

Confidentiality: High

Integrity: High

Availability: High

Base Score: 9.8

Exploitability Score: 3.9

Impact Score: 5.9

CVSS V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Specialize CVSS-Score

Access Vector: Network

Access Complexity: Low

Authentication: None

Confidentiality Impact: Partial

Integrity Impact: Partial

Availability Impact: Partial

Base Score: 7.5

Exploitability Score: 10.0

Impact Score: 6.4

CVSS V2: AV:N/AC:L/Au:N/C:P/I:P/A:P

Specialize CVSS-Score

CWE-269

Condition Configuration
OR
OR
Alle Schwachstellen für opswat
Date: March 28, 2023

Description: OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect access control, resulting in privilege escalation.
CWE-ID: Not defined
Base Score V2: Not defined
Exploitability Score V2: Not defined
Impact Score V2: Not defined
Base Score V3: Not defined
Exploitability Score V3: Not defined
Impact Score V3: Not defined
Cvss Vector V2: Not defined
Cvss Vector V3: Not defined
Configuration:
added:
cpe:2.3:a:opswat:metadefender:*:*:*:*:*:*:*:*
Reference:
added:
https://docs.opswat.com/mdicap/release-notes/version-4-12-1
https://docs.opswat.com/mdemail/release-notes
https://docs.opswat.com/mdemail/release-notes/version-5-6-1
https://docs.opswat.com/mdicap/release-notes
http://packetstormsecurity.com/files/171549/OPSWAT-Metadefender-Core-4.21.1-Privilege-Escalation.html


                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:opswat:metadefender:*:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

                  
                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>