Lucene search

[email protected]CVE-2008-2015

HistoryApr 30, 2008 - 1:07 a.m.

CVE-2008-2015

2008-04-3001:07:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-2015

absolute path traversal

watchfire

appscan 7.0

activex controls

code execution

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.104 Low

EPSS

Percentile

95.0%

JSON

Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile method in a different control. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Affected configurations

NVD

Node

watchfireappscanMatch7.0

CPENameOperatorVersion
watchfire:appscanwatchfire appscaneq7.0

CPE	Name	Operator	Version
watchfire:appscan	watchfire appscan	eq	7.0

References

www.securityfocus.com/bid/28940

www.securitytracker.com/id?1019948

exchange.xforce.ibmcloud.com/vulnerabilities/42077

www.exploit-db.com/exploits/5496

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.104 Low

EPSS

Percentile

95.0%

JSON

Related for CVE-2008-2015

cvelist1 nvd1 prion1