CVE-2024-7886

HIGH

Scooter Software Beyond Compare <3.3.5.15075 - Path Traversal

Title source: llm

Description

A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. The vendor explains that a system must be breached before exploiting this issue. They are not planning on making any changes to address it.

References (3)

[Permissions Required, VDB Entry] https://vuldb.com/?id.274873

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.274873

[Permissions Required, VDB Entry] https://vuldb.com/?submit.383468

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 18.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-426 CWE-427

Status published

Products (1)

Scooter Software/Beyond Compare 3.3.5.15075

Published Aug 16, 2024

Tracked Since Feb 18, 2026