opswat 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk cross-site scripting and バッファオーバーフロー などに関し、一部は アプリケーションクラッシュ を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-57695 | An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810) and 7.6 (3984.693.1842) allows a local attacker to execute arbitrary code via the lock function. The manufacturer fixed the vulnerability in version 8.0 (4164.652.1856) from December 17, 2012. | [email protected] | 7.7 | 0.18% | 2025-11-11 | 2026-06-17 |
| CVE-2025-0131 | An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit. | [email protected] | 7.1 | 0.13% | 2025-05-14 | 2026-06-17 |
| CVE-2024-52925 | In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives. | [email protected] | 6.8 | 0.31% | 2025-02-26 | 2026-06-17 |
| CVE-2023-36659 | An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication). | [email protected] | 9.8 | 0.73% | 2023-09-15 | 2026-06-17 |
| CVE-2023-36657 | An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation. | [email protected] | 9.8 | 0.57% | 2023-09-15 | 2026-06-17 |
| CVE-2023-36658 | An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally. | [email protected] | 7.8 | 0.21% | 2023-09-15 | 2026-06-17 |
| CVE-2022-40778 | A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response. | [email protected] | 5.4 | 0.35% | 2022-09-19 | 2026-06-17 |
| CVE-2022-32272 | OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation. | [email protected] | 9.8 | 9.10% | 2022-06-09 | 2026-06-17 |
| CVE-2022-32273 | As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. | [email protected] | 4.3 | 0.71% | 2022-06-08 | 2026-06-17 |
| CVE-2018-16275 | OPSWAT MetaDefender before v4.11.2 allows CSV injection. | [email protected] | 7.8 | 0.95% | 2018-08-31 | 2026-06-16 |