MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection
CVE-2018-6486

7.3HIGH

Key Information:

Vendor: Micro Focus
Status: Fortify Audit Workbench (awb) And Micro Focus Fortify Software Security Center (ssc)
Vendor: CVE Published:; 1 February 2018

🔔 Create Micro Focus Vulnerability Alert

What is CVE-2018-6486?

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.

Affected Version(s)

Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC) 16.10, 16.20, 17.10

References

http://www.securityfocus.com/bid/102902

vdb-entryx_refsource_BID

https://softwaresupport.softwaregrp.com/document/-/facets...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2018
Vulnerability Reserved
Feb 1, 2018

Credit

Micro Focus would like to thank Jakub Palaczynski for reporting this issue to [email protected]