Does a CVE affect MetaDefender Core?
In today's rapidly evolving digital landscape, understanding the impact of security vulnerabilities is more crucial than ever. The Common Vulnerabilities and Exposures (CVE) list is an invaluable resource for identifying potential security risks associated with software products. This article provides a comprehensive overview of various CVEs, helping you determine whether MetaDefender Core is affected. By staying informed about these vulnerabilities, you can take proactive measures to protect your systems and data from potential threats.
| CVE | Summary |
|---|---|
| CVE-2024-32113 | CVE-2024-32113 is the vulnerability of Apache OFBiz which we don't use in MetaDefender Core |
| CVE-2024-38856 | CVE-2024-32113 is the vulnerability of Apache OFBiz which we don't use in MetaDefender Core |
| CVE-2024-4367 | CVE-2024-4367 does not impact MetaDefender Core |
| CVE-2024-34342 | CVE-2024-34342 does not impact MetaDefender Core |
| CVE-2024-40725 | MetaDefender Core does not use Apache HTTP Server and is not affected by CVE-2024-40725 |
| CVE-2024-40898 | MetaDefender Core does not use Apache HTTP Server and is not affected by CVE-2024-40898 |
| CVE-2024-27348 | MetaDefender Core does not utilize Apache HugeGraph-Server in its architecture. As a result, it is not susceptible to the CVE-2024-27348 vulnerability |
| CVE-2018-25103 | MetaDefender Core does not use lighttpd, it is not affected by the vulnerabilities identified in CVE-2018-25103 |
| CVE-2024-4603 | MetaDefender Core does not use either EVP_PKEY_param_check() or EVP_PKEY_public_check() hence it's not affected by CVE-2024-4603 |
| CVE-2023-46589 | MetaDefender Coredoes not use Tomcat, so the product is not impacted by the CVE |
| CVE-2023-50164 | MetaDefender Coreis not built on Apache Struts which is affected by this CVE |
| CVE-2022-21724 | CVE-2022-21724 is not used by MetaDefender Core to make connections to Postgres, so the product is not impacted by the CVE |
| CVE 2018-2894 | MetaDefender Core doesn’t use Java, so this CVE doesn’t impact the product |
| CVE-2024-38819 | MetaDefender Core doesn’t use this framework, so this CVE doesn’t impact the product |
| CVE-2024-7348 | Since MetaDefender Core 5.11.1, we upgraded Postgres to a newer version to address this CVE |
| CVE-2024-3566 | Although MetaDefender Core executes another programs (Nginx, engine processes, engine installation scripts), we do not pass any user-input arguments to these programs. We are not affected by this CVE. |
| CVE-2024-27980 | MetaDefender Core does not use Node.js so it's not affected |
| CVE-2024-24576 | MetaDefender Core does not use Rust in its code so it's not affected |
| CVE-2024-10979 | MetaDefender Core does not use PL/Perl and PL/Python so it's not affected |
| CVE-2018-15133 | MetaDefender Core does not use PHP and Laravel so it's not affected |
| CVE-2023-40581 | CVE-2023-40581 affects yt-dlp, it does not impact MetaDefender Core functionality |
| CVE-2024-1874 | MetaDefender Core does not use PHP so it's not affected |
| CVE-2025-0411 | This vulnerability only affects the GUI version of 7-Zip. Exploitation requires a user to manually open a malicious archive in 7-Zip File Manager and execute a file inside. Since MetaDefender Core’s Archive Engine does not utilize the GUI version of 7-Zip, it is not affected by this CVE |
| CVE-2024-4577 | MetaDefender Core does not use PHP-CGI so it's not affected |
| CVE-2019-9082 | MetaDefender Core does not use ThinkPHP so it's not affected |
| CVE-2024-21235 CVE-2024-21210 CVE-2024-21217 CVE-2024-21208 CVE-2024-21147 CVE-2024-21144 CVE-2024-21145 CVE-2024-21138 CVE-2024-21131 CVE-2024-21140 | MetaDefender Core does not rely on Amazon Corretto JRE or Java as a dependency; therefore, these vulnerabilities do not affect the product. If the Sandbox engine is installed and relies on Amazon Corretto JRE, we strongly recommend upgrading to Amazon Corretto 17 to ensure system security and compatibility. Please follow this article for more information : auto$ |
| CVE-2025-21298 | MetaDefender Core itself is not affected by this CVE, but we cannot confirm the same for the engines running inside MetaDefender Core. According to National Vulnerability Database, this CVE affects Windows OS. It is recommended that the users apply the latest security updates to patch this CVE if the user is on the following OS:
|
If Further Assistance is required, please proceed to log a support case or chat with our support engineer.