CVE-2018-6486

Published: Feb 2, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.

Affected (6)

Products: Microfocus: Fortify Audit Workbench, Fortify Software Security Center

Microfocus

2 products

Fortify Audit Workbench

Fortify Software Security Center

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microfocus Fortify Audit Workbench	Version 16.10
Microfocus Fortify Audit Workbench	Version 16.20
Microfocus Fortify Audit Workbench	Version 17.10

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Microfocus Fortify Software Security Center	Version 16.10
Microfocus Fortify Software Security Center	Version 16.20
Microfocus Fortify Software Security Center	Version 17.10

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (4)

http://www.securityfocus.com/bid/102902

Source: security@opentext.com

https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653

Source: security@opentext.com

http://www.securityfocus.com/bid/102902

Source: af854a3a-2127-422b-91ae-364da2661108

https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.