CVE-2018-12463
7.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Micro Focus | Fortify Software Security Center | 17.1, 17.2, 18.1 | affected |
Weaknesses
- Server-side Request Forgery (SSRF)
ADP Enrichment
CVE Program Container
Additional References
- http://www.securitytracker.com/id/1041286
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03201563
- https://www.exploit-db.com/exploits/45027/
References
- http://www.securitytracker.com/id/1041286
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03201563
- https://www.exploit-db.com/exploits/45027/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.