Opswat: Security Vulnerabilities
An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810) and 7.6 (3984.693.1842) allows a local attacker to execute arbitrary code via the lock function. The manufacturer fixed the vulnerability in version 8.0 (4164.652.1856) from December 17, 2012.
CVSS Score
7.7
EPSS Score
0.0
Published
2025-11-11
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication).
CVSS Score
9.8
EPSS Score
0.019
Published
2023-09-15
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-09-15
An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-09-15
A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.
CVSS Score
5.4
EPSS Score
0.004
Published
2022-09-19
OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.
CVSS Score
9.8
EPSS Score
0.212
Published
2022-06-09
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-06-08
OPSWAT MetaDefender before v4.11.2 allows CSV injection.
CVSS Score
7.8
EPSS Score
0.003
Published
2018-08-31