CVE-2018-6486

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
microfocusCNA
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
microfocusfortify_audit_workbench
16.10
microfocusfortify_audit_workbench
16.20
microfocusfortify_audit_workbench
17.10
microfocusfortify_software_security_center
16.10
microfocusfortify_software_security_center
16.20
microfocusfortify_software_security_center
17.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102902
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653
http://www.securityfocus.com/bid/102902
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653