CVE-2024-7886

HIGH

Scooter Software Beyond Compare <3.3.5.15075 - Path Traversal

Title source: llm

Description

A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. The vendor explains that a system must be breached before exploiting this issue. They are not planning on making any changes to address it.

References (3)

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.274873

[Permissions Required, VDB Entry] https://vuldb.com/?id.274873

[Permissions Required, VDB Entry] https://vuldb.com/?submit.383468

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 18.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427 CWE-426

Status draft

Timeline

Published Aug 16, 2024

Tracked Since Feb 18, 2026