Vulnerability Details CVE-2017-5236
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.8%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
Products affected by CVE-2017-5236
-
cpe:2.3:a:rapid7:appspider_pro:-
-
cpe:2.3:a:rapid7:appspider_pro:6.14.043
-
cpe:2.3:a:rapid7:appspider_pro:6.14.045
-
cpe:2.3:a:rapid7:appspider_pro:6.14.046
-
cpe:2.3:a:rapid7:appspider_pro:6.14.050
-
cpe:2.3:a:rapid7:appspider_pro:6.14.053
-
cpe:2.3:a:rapid7:appspider_pro:6.14.056
-
cpe:2.3:a:rapid7:appspider_pro:6.14.058
-
cpe:2.3:a:rapid7:appspider_pro:6.14.059