CVE-2017-2240

medium

Published 2017-07-17 · Modified 2026-05-13

CVSS v3

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2

4.0

VIR risk

6.5

Description

Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service".

Predictions

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: vultures@jpcert.or.jp — https://www.hammock.jp/assetview/info/170714.html

OS impact

OS	Version	Status	Fixed in
macos		not-affected

Application impact

Vendor	Product	Versions	Fixed
hammock	assetview	`9.2`

References

http://jvn.jp/en/vu/JVNVU93377948/index.html
https://www.hammock.jp/assetview/info/170714.html
http://jvn.jp/en/vu/JVNVU93377948/index.html
https://www.hammock.jp/assetview/info/170714.html

CWEs

CWE-22

Verify integrity in audit chain (admin only). AS-IS.