6.5
CVSSv2

CVE-2017-9640

Published: 25/08/2017 Updated: 09/10/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 6.3 | Impact Score: 3.4 | Exploitability Score: 2.8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

A Path Traversal issue exists in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web before 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software.

Vulnerability Trend

Affected Products

Vendor Product Versions
AutomatedlogicI-vu5.2, 5.5, 6.0
AutomatedlogicSitescan Web5.2, 5.5, 6.1
AutomatedlogicWebctrl5.2, 5.5, 6.0, 6.1

Exploits

Automated Logic WebCTRL 61 Path Traversal Arbitrary File Write Vendor: Automated Logic Corporation Product web page: wwwautomatedlogiccom Affected version: ALC WebCTRL, SiteScan Web 61 and prior ALC WebCTRL, i-Vu 60 and prior ALC WebCTRL, i-Vu, SiteScan Web 55 and prior ALC WebCTR ...

Mailing Lists

Automated Logic WebCTRL version 61 suffers from path traversal and arbitrary file write vulnerabilities ...