CVE-2008-2015

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
30/04/2008
Last modified:
09/04/2025

Description

Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile method in a different control. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:watchfire:appscan:7.0:*:*:*:*:*:*:*