CVE-2018-6486

EUVD-2018-18242
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
microfocusCNA
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
microfocusfortify_audit_workbench
16.10
microfocusfortify_audit_workbench
16.20
microfocusfortify_audit_workbench
17.10
microfocusfortify_software_security_center
16.10
microfocusfortify_software_security_center
16.20
microfocusfortify_software_security_center
17.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102902
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653
http://www.securityfocus.com/bid/102902
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653