CVE-2022-32272

OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
Metadefender	Opswat	*	5.1.2 (excluding)

Potential Mitigations

https://cwe.mitre.org/data/definitions/122.html
https://cwe.mitre.org/data/definitions/233.html
https://cwe.mitre.org/data/definitions/58.html

References

http://packetstormsecurity.com/files/171549/OPSWAT-Metadefender-Core-4.21.1-Privilege-Escalation.html
https://docs.opswat.com/mdcore/release-notes
https://docs.opswat.com/mdemail/release-notes
https://docs.opswat.com/mdemail/release-notes/version-5-6-1
https://docs.opswat.com/mdicap/release-notes
https://docs.opswat.com/mdicap/release-notes/version-4-12-1
https://opswat.com

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-32272
CWE	https://cwe.mitre.org/data/definitions/269.html

Improper Privilege Management

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References