Lucene search

MicrofocusCVELIST:CVE-2018-6486

HistoryFeb 02, 2018 - 2:00 p.m.

CVE-2018-6486 MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection

2018-02-0214:00:00

microfocus

www.cve.org

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

68.9%

JSON

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.

CNA Affected

[
  {
    "product": "Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)",
    "vendor": "Micro Focus",
    "versions": [
      {
        "status": "affected",
        "version": "16.10, 16.20, 17.10"
      }
    ]
  }
]

References

www.securityfocus.com/bid/102902

softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

68.9%

JSON

Related for CVELIST:CVE-2018-6486