Vulnerability Details CVE-2017-9644
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.0%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 6.9
References
Products affected by CVE-2017-9644
-
cpe:2.3:a:automatedlogic:i-vu:5.2
-
cpe:2.3:a:automatedlogic:i-vu:5.5
-
cpe:2.3:a:automatedlogic:i-vu:6.0
-
cpe:2.3:a:automatedlogic:i-vu:6.5
-
cpe:2.3:a:automatedlogic:sitescan_web:5.2
-
cpe:2.3:a:automatedlogic:sitescan_web:5.5
-
cpe:2.3:a:automatedlogic:sitescan_web:6.1
-
cpe:2.3:a:automatedlogic:sitescan_web:6.5
-
cpe:2.3:a:carrier:automatedlogic_webctrl:5.2
-
cpe:2.3:a:carrier:automatedlogic_webctrl:5.5
-
cpe:2.3:a:carrier:automatedlogic_webctrl:6.0
-
cpe:2.3:a:carrier:automatedlogic_webctrl:6.1
-
cpe:2.3:a:carrier:automatedlogic_webctrl:6.5