Does a CVE affect MetaDefender Core?

In today's rapidly evolving digital landscape, understanding the impact of security vulnerabilities is more crucial than ever. The Common Vulnerabilities and Exposures (CVE) list is an invaluable resource for identifying potential security risks associated with software products. This article provides a comprehensive overview of various CVEs, helping you determine whether MetaDefender Core is affected. By staying informed about these vulnerabilities, you can take proactive measures to protect your systems and data from potential threats.

CVE

Summary

CVE-2024-32113

CVE-2024-32113 is the vulnerability of Apache OFBiz which we don't use in MetaDefender Core

CVE-2024-38856

CVE-2024-32113 is the vulnerability of Apache OFBiz which we don't use in MetaDefender Core

CVE-2024-4367

CVE-2024-4367 does not impact MetaDefender Core

CVE-2024-34342

CVE-2024-34342 does not impact MetaDefender Core

CVE-2024-40725

MetaDefender Core does not use Apache HTTP Server and is not affected by CVE-2024-40725

CVE-2024-40898

MetaDefender Core does not use Apache HTTP Server and is not affected by CVE-2024-40898

CVE-2024-27348

MetaDefender Core does not utilize Apache HugeGraph-Server in its architecture. As a result, it is not susceptible to the CVE-2024-27348 vulnerability

CVE-2018-25103

MetaDefender Core does not use lighttpd, it is not affected by the vulnerabilities identified in CVE-2018-25103

CVE-2024-4603

MetaDefender Core does not use either EVP_PKEY_param_check() or EVP_PKEY_public_check() hence it's not affected by CVE-2024-4603

CVE-2023-46589

MetaDefender Coredoes not use Tomcat, so the product is not impacted by the CVE

CVE-2023-50164

MetaDefender Coreis not built on Apache Struts which is affected by this CVE

CVE-2022-21724

CVE-2022-21724 is not used by MetaDefender Core to make connections to Postgres, so the product is not impacted by the CVE

CVE 2018-2894

MetaDefender Core doesn’t use Java, so this CVE doesn’t impact the product

CVE-2024-38819

MetaDefender Core doesn’t use this framework, so this CVE doesn’t impact the product

CVE-2024-7348

Since MetaDefender Core 5.11.1, we upgraded Postgres to a newer version to address this CVE

CVE-2024-3566

Although MetaDefender Core executes another programs (Nginx, engine processes, engine installation scripts), we do not pass any user-input arguments to these programs. We are not affected by this CVE.

CVE-2024-27980

MetaDefender Core does not use Node.js so it's not affected

CVE-2024-24576

MetaDefender Core does not use Rust in its code so it's not affected

CVE-2024-10979

MetaDefender Core does not use PL/Perl and PL/Python so it's not affected

CVE-2018-15133

MetaDefender Core does not use PHP and Laravel so it's not affected

CVE-2023-40581

CVE-2023-40581 affects yt-dlp, it does not impact MetaDefender Core functionality

CVE-2024-1874

MetaDefender Core does not use PHP so it's not affected

Support:

If Further Assistance is required, please proceed to log a support case or chat with our support engineer.