CVE-2008-1221

2008-03-1017:44:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-1221

absolute path traversal

microworld escan

ftp server

vulnerability

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.03 Low

EPSS

Percentile

90.9%

JSON

Absolute path traversal vulnerability in the FTP server in MicroWorld eScan Corporate Edition 9.0.742.98 and eScan Management Console (aka eScan Server) 9.0.742.1 allows remote attackers to read arbitrary files via an absolute pathname in the RETR (get) command.

Affected configurations

NVD

Node

microworld_technologiesescanMatch9.0.742.98corporate

microworld_technologiesescan_management_consoleMatch9.0.742.1

microworld_technologiesescan_serverMatch9.0.742.1

CPENameOperatorVersion
microworld_technologies:escanmicroworld technologies escaneq9.0.742.98
microworld_technologies:escan_management_consolemicroworld technologies escan management consoleeq9.0.742.1
microworld_technologies:escan_servermicroworld technologies escan servereq9.0.742.1

CPE	Name	Operator	Version
microworld_technologies:escan	microworld technologies escan	eq	9.0.742.98
microworld_technologies:escan_management_console	microworld technologies escan management console	eq	9.0.742.1
microworld_technologies:escan_server	microworld technologies escan server	eq	9.0.742.1