Skip to main content

Metadefender

4 CVEs product

Monthly

CVE-2022-40778 MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Metadefender
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-32272 CRITICAL POC Act Now

OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Metadefender
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
9.1%
CVE-2022-32273 MEDIUM This Month

As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Metadefender
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2018-16275 HIGH This Week

OPSWAT MetaDefender before v4.11.2 allows CSV injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Metadefender
NVD
CVSS 3.0
7.8
EPSS
0.9%
EPSS 0% CVSS 5.4
MEDIUM This Month

A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Metadefender
NVD
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Metadefender
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM This Month

As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Metadefender
NVD
EPSS 1% CVSS 7.8
HIGH This Week

OPSWAT MetaDefender before v4.11.2 allows CSV injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Metadefender
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy