{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7886", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-08-16T16:01:30.832Z", "datePublished": "2024-08-16T21:31:03.570Z", "dateUpdated": "2024-08-19T18:22:34.593Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-08-17T07:42:43.488Z"}, "title": "Scooter Software Beyond Compare 7zxa.dll uncontrolled search path", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-427", "lang": "en", "description": "CWE-427 Uncontrolled Search Path"}]}], "affected": [{"vendor": "Scooter Software", "product": "Beyond Compare", "versions": [{"version": "3.3.5.15075", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. NOTE: The vendor explains that a system must be breached before exploiting this issue."}, {"lang": "de", "value": "In Scooter Software Beyond Compare bis 3.3.5.15075 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion in der Bibliothek 7zxa.dll. Mittels dem Manipulieren mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Zur Zeit ist nicht genau klar, ob diese Schwachstelle in der besagten Form wirklich existiert."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.5, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.8, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C"}}], "timeline": [{"time": "2024-08-16T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-08-16T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-08-16T18:07:11.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "tfhm (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.274873", "name": "VDB-274873 | Scooter Software Beyond Compare 7zxa.dll uncontrolled search path", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.274873", "name": "VDB-274873 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.383468", "name": "Submit #383468 | Beyond Compare Bcompare 3.3.5.15075 DLL Hijacking", "tags": ["third-party-advisory"]}], "tags": ["disputed"]}, "adp": [{"affected": [{"vendor": "scootersoftware", "product": "beyond_compare", "cpes": ["cpe:2.3:a:scootersoftware:beyond_compare:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.3.5.15075", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-19T17:22:23.049559Z", "id": "CVE-2024-7886", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-19T18:22:34.593Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7886", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-19T17:22:23.049559Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:scootersoftware:beyond_compare:*:*:*:*:*:*:*:*"], "vendor": "scootersoftware", "product": "beyond_compare", "versions": [{"status": "affected", "version": "0", "lessThan": "3.3.5.15075", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-19T18:22:23.188Z"}}], "cna": {"tags": ["disputed"], "title": "Scooter Software Beyond Compare 7zxa.dll uncontrolled search path", "credits": [{"lang": "en", "type": "reporter", "value": "tfhm (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.5, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.8, "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C"}}], "affected": [{"vendor": "Scooter Software", "product": "Beyond Compare", "versions": [{"status": "affected", "version": "3.3.5.15075"}]}], "timeline": [{"lang": "en", "time": "2024-08-16T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-08-16T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-08-16T18:07:11.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.274873", "name": "VDB-274873 | Scooter Software Beyond Compare 7zxa.dll uncontrolled search path", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.274873", "name": "VDB-274873 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.383468", "name": "Submit #383468 | Beyond Compare Bcompare 3.3.5.15075 DLL Hijacking", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. NOTE: The vendor explains that a system must be breached before exploiting this issue."}, {"lang": "de", "value": "In Scooter Software Beyond Compare bis 3.3.5.15075 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion in der Bibliothek 7zxa.dll. Mittels dem Manipulieren mit unbekannten Daten kann eine uncontrolled search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Zur Zeit ist nicht genau klar, ob diese Schwachstelle in der besagten Form wirklich existiert."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-08-17T07:42:43.488Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7886", "state": "PUBLISHED", "dateUpdated": "2024-08-19T18:22:34.593Z", "dateReserved": "2024-08-16T16:01:30.832Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-08-16T21:31:03.570Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cna@vuldb.com", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. NOTE: The vendor explains that a system must be breached before exploiting this issue."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en Scooter Software Beyond Compare hasta 3.3.5.15075 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida en la librer\u00eda 7zxa.dll es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a una ruta de b\u00fasqueda incontrolada. Atacar localmente es un requisito. Por el momento todav\u00eda se duda de la existencia real de esta vulnerabilidad. NOTA: El proveedor explica que se debe vulnerar un sistema antes de explotar este problema."}], "id": "CVE-2024-7886", "lastModified": "2024-08-19T13:00:23.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-08-16T22:15:04.267", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.274873"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.274873"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.383468"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}