Search criteria
12 vulnerabilities found for fortify_software_security_center by microfocus
FKIE_CVE-2019-11649
Vulnerability from fkie_nvd - Published: 2019-06-19 17:15 - Updated: 2024-11-21 04:21
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s browser. The vulnerability could be exploited to execute JavaScript code in user’s browser.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | fortify_software_security_center | 17.20 | |
| microfocus | fortify_software_security_center | 18.10 | |
| microfocus | fortify_software_security_center | 18.20 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:17.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7A916C-864C-417B-BD1C-196969B7CB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C50F47D5-AAFA-4CF4-925F-7B167065C05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:18.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8BB63643-0C3E-4764-B84B-B8FC63BC9E6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user\u2019s browser. The vulnerability could be exploited to execute JavaScript code in user\u2019s browser."
},
{
"lang": "es",
"value": "La vulnerabilidad de secuencias de comandos entre sitios en Micro Focus Fortify Software Security Center Server, versiones 17.2, 18.1, 18.2, se ha identificado en Micro Focus Software Security Center. La vulnerabilidad podr\u00eda explotarse para ejecutar c\u00f3digo JavaScript en el navegador del usuario. La vulnerabilidad podr\u00eda explotarse para ejecutar c\u00f3digo JavaScript en el navegador del usuario"
}
],
"id": "CVE-2019-11649",
"lastModified": "2024-11-21T04:21:31.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-19T17:15:11.203",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03461174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03461174"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-7691
Vulnerability from fkie_nvd - Published: 2018-12-13 14:29 - Updated: 2024-11-21 04:12
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | fortify_software_security_center | 17.10 | |
| microfocus | fortify_software_security_center | 17.20 | |
| microfocus | fortify_software_security_center | 18.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9E137D7D-8108-4EE2-9800-EAC66AB82D77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:17.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7A916C-864C-417B-BD1C-196969B7CB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C50F47D5-AAFA-4CF4-925F-7B167065C05B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access"
},
{
"lang": "es",
"value": "Un potencial acceso remoto no autorizado en Micro Focus Fortify Software Security Center (SSC) 17.10, 17.20 y 18.10 podr\u00eda permitir el acceso remoto no autorizado."
}
],
"id": "CVE-2018-7691",
"lastModified": "2024-11-21T04:12:32.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-13T14:29:00.337",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
},
{
"source": "security@opentext.com",
"url": "https://www.exploit-db.com/exploits/45990/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/45990/"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-7690
Vulnerability from fkie_nvd - Published: 2018-12-13 14:29 - Updated: 2024-11-21 04:12
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | fortify_software_security_center | 17.10 | |
| microfocus | fortify_software_security_center | 17.20 | |
| microfocus | fortify_software_security_center | 18.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9E137D7D-8108-4EE2-9800-EAC66AB82D77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:17.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7A916C-864C-417B-BD1C-196969B7CB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C50F47D5-AAFA-4CF4-925F-7B167065C05B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access"
},
{
"lang": "es",
"value": "Un potencial acceso remoto no autorizado en Micro Focus Fortify Software Security Center (SSC) 17.10, 17.20 y 18.10 podr\u00eda permitir el acceso remoto no autorizado."
}
],
"id": "CVE-2018-7690",
"lastModified": "2024-11-21T04:12:32.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-13T14:29:00.277",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
},
{
"source": "security@opentext.com",
"url": "https://www.exploit-db.com/exploits/45989/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/45989/"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-6486
Vulnerability from fkie_nvd - Published: 2018-02-02 14:29 - Updated: 2024-11-21 04:10
Severity ?
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | fortify_audit_workbench | 16.10 | |
| microfocus | fortify_audit_workbench | 16.20 | |
| microfocus | fortify_audit_workbench | 17.10 | |
| microfocus | fortify_software_security_center | 16.10 | |
| microfocus | fortify_software_security_center | 16.20 | |
| microfocus | fortify_software_security_center | 17.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:fortify_audit_workbench:16.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAC9EC0-3C36-465E-9687-B61BB7E5CD2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:fortify_audit_workbench:16.20:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB15BAB-2A01-4505-B23A-6733FEA144F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:fortify_audit_workbench:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "52BE8B0D-5180-4277-9A5B-0DF0C89A9FDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:16.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BA657021-3719-4055-BE1F-6402E976D68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:16.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7D5750-8985-4AE0-B3AE-D31E278027AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9E137D7D-8108-4EE2-9800-EAC66AB82D77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."
},
{
"lang": "es",
"value": "Vulnerabilidad XEE (XML External Entity) en Micro Focus Fortify Audit Workbench (AWB) y Micro Focus Fortify Software Security Center (SSC), versiones 16.10, 16.20 y 17.10. Esta vulnerabilidad podr\u00eda ser explotada para permitir inyecci\u00f3n XEE (XML External Entity)."
}
],
"id": "CVE-2018-6486",
"lastModified": "2024-11-21T04:10:45.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-02T14:29:01.497",
"references": [
{
"source": "security@opentext.com",
"url": "http://www.securityfocus.com/bid/102902"
},
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/102902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-11649 (GCVE-0-2019-11649)
Vulnerability from cvelistv5 – Published: 2019-06-19 16:06 – Updated: 2024-09-16 23:26
VLAI?
Title
KM03461174 Micro Focus Fortify Software Security Center Server, CVE-2019-11649
Summary
Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s browser. The vulnerability could be exploited to execute JavaScript code in user’s browser.
Severity ?
5.4 (Medium)
CWE
- Remote code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Micro Focus Fortify Software Security Center Server |
Affected:
17.1, 18.1, 18.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:32.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03461174"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Fortify Software Security Center Server",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "17.1, 18.1, 18.2"
}
]
}
],
"datePublic": "2019-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user\u2019s browser. The vulnerability could be exploited to execute JavaScript code in user\u2019s browser."
}
],
"exploits": [
{
"lang": "en",
"value": "Remote code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:29",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03461174"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "KM03461174 Micro Focus Fortify Software Security Center Server, CVE-2019-11649",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-06-20T20:15:00.000Z",
"ID": "CVE-2019-11649",
"STATE": "PUBLIC",
"TITLE": "KM03461174 Micro Focus Fortify Software Security Center Server, CVE-2019-11649"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Fortify Software Security Center Server",
"version": {
"version_data": [
{
"version_value": "17.1, 18.1, 18.2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user\u2019s browser. The vulnerability could be exploited to execute JavaScript code in user\u2019s browser."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Remote code execution."
}
],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03461174",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03461174"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11649",
"datePublished": "2019-06-19T16:06:50.731771Z",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-09-16T23:26:48.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7691 (GCVE-0-2018-7691)
Vulnerability from cvelistv5 – Published: 2018-12-13 14:00 – Updated: 2024-09-16 17:29
VLAI?
Title
MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access
Summary
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
Severity ?
6.5 (Medium)
CWE
- Remote Unauthorized Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Fortify Software Security Center (SSC) |
Affected:
17.10, 17.20, 18.10
|
Credits
Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45990",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45990/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fortify Software Security Center (SSC)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "17.10, 17.20, 18.10"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability."
}
],
"datePublic": "2018-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access"
}
],
"exploits": [
{
"lang": "en",
"value": "Remote Unauthorized Access"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Unauthorized Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:59",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "45990",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45990/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-12-12T15:30:00.000Z",
"ID": "CVE-2018-7691",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortify Software Security Center (SSC)",
"version": {
"version_data": [
{
"version_value": "17.10, 17.20, 18.10"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access"
}
]
},
"exploit": [
{
"lang": "en",
"value": "Remote Unauthorized Access"
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Unauthorized Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45990",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45990/"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03298201",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7691",
"datePublished": "2018-12-13T14:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-16T17:29:04.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7690 (GCVE-0-2018-7690)
Vulnerability from cvelistv5 – Published: 2018-12-13 14:00 – Updated: 2024-09-17 02:32
VLAI?
Title
MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access
Summary
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
Severity ?
6.5 (Medium)
CWE
- Remote Unauthorized Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Fortify Software Security Center (SSC) |
Affected:
17.10, 17.20, 18.10
|
Credits
Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45989",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45989/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fortify Software Security Center (SSC)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "17.10, 17.20, 18.10"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability."
}
],
"datePublic": "2018-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access"
}
],
"exploits": [
{
"lang": "en",
"value": "Remote Unauthorized Access"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Unauthorized Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:05",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "45989",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45989/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-12-12T15:30:00.000Z",
"ID": "CVE-2018-7690",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortify Software Security Center (SSC)",
"version": {
"version_data": [
{
"version_value": "17.10, 17.20, 18.10"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access"
}
]
},
"exploit": [
{
"lang": "en",
"value": "Remote Unauthorized Access"
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Unauthorized Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45989",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45989/"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03298201",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7690",
"datePublished": "2018-12-13T14:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-17T02:32:23.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6486 (GCVE-0-2018-6486)
Vulnerability from cvelistv5 – Published: 2018-02-02 14:00 – Updated: 2024-09-16 16:28
VLAI?
Title
MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection
Summary
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.
Severity ?
7.3 (High)
CWE
- XML External Entity (XXE)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC) |
Affected:
16.10, 16.20, 17.10
|
Credits
Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102902",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "16.10, 16.20, 17.10"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com"
}
],
"datePublic": "2018-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML External Entity (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:24",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "102902",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
}
],
"title": "MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-02-01T18:58:00.000Z",
"ID": "CVE-2018-6486",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)",
"version": {
"version_data": [
{
"version_value": "16.10, 16.20, 17.10"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
"Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."
}
]
},
"exploit": "XML External Entity (XXE)",
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102902",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102902"
},
{
"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-6486",
"datePublished": "2018-02-02T14:00:00Z",
"dateReserved": "2018-02-01T00:00:00",
"dateUpdated": "2024-09-16T16:28:00.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11649 (GCVE-0-2019-11649)
Vulnerability from nvd – Published: 2019-06-19 16:06 – Updated: 2024-09-16 23:26
VLAI?
Title
KM03461174 Micro Focus Fortify Software Security Center Server, CVE-2019-11649
Summary
Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s browser. The vulnerability could be exploited to execute JavaScript code in user’s browser.
Severity ?
5.4 (Medium)
CWE
- Remote code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Micro Focus Fortify Software Security Center Server |
Affected:
17.1, 18.1, 18.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:32.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03461174"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Fortify Software Security Center Server",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "17.1, 18.1, 18.2"
}
]
}
],
"datePublic": "2019-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user\u2019s browser. The vulnerability could be exploited to execute JavaScript code in user\u2019s browser."
}
],
"exploits": [
{
"lang": "en",
"value": "Remote code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:29",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03461174"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "KM03461174 Micro Focus Fortify Software Security Center Server, CVE-2019-11649",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-06-20T20:15:00.000Z",
"ID": "CVE-2019-11649",
"STATE": "PUBLIC",
"TITLE": "KM03461174 Micro Focus Fortify Software Security Center Server, CVE-2019-11649"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Fortify Software Security Center Server",
"version": {
"version_data": [
{
"version_value": "17.1, 18.1, 18.2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user\u2019s browser. The vulnerability could be exploited to execute JavaScript code in user\u2019s browser."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Remote code execution."
}
],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03461174",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03461174"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11649",
"datePublished": "2019-06-19T16:06:50.731771Z",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-09-16T23:26:48.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7691 (GCVE-0-2018-7691)
Vulnerability from nvd – Published: 2018-12-13 14:00 – Updated: 2024-09-16 17:29
VLAI?
Title
MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access
Summary
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
Severity ?
6.5 (Medium)
CWE
- Remote Unauthorized Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Fortify Software Security Center (SSC) |
Affected:
17.10, 17.20, 18.10
|
Credits
Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45990",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45990/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fortify Software Security Center (SSC)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "17.10, 17.20, 18.10"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability."
}
],
"datePublic": "2018-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access"
}
],
"exploits": [
{
"lang": "en",
"value": "Remote Unauthorized Access"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Unauthorized Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:59",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "45990",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45990/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-12-12T15:30:00.000Z",
"ID": "CVE-2018-7691",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortify Software Security Center (SSC)",
"version": {
"version_data": [
{
"version_value": "17.10, 17.20, 18.10"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access"
}
]
},
"exploit": [
{
"lang": "en",
"value": "Remote Unauthorized Access"
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Unauthorized Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45990",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45990/"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03298201",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7691",
"datePublished": "2018-12-13T14:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-16T17:29:04.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7690 (GCVE-0-2018-7690)
Vulnerability from nvd – Published: 2018-12-13 14:00 – Updated: 2024-09-17 02:32
VLAI?
Title
MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access
Summary
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
Severity ?
6.5 (Medium)
CWE
- Remote Unauthorized Access
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Fortify Software Security Center (SSC) |
Affected:
17.10, 17.20, 18.10
|
Credits
Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45989",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45989/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fortify Software Security Center (SSC)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "17.10, 17.20, 18.10"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability."
}
],
"datePublic": "2018-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access"
}
],
"exploits": [
{
"lang": "en",
"value": "Remote Unauthorized Access"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Unauthorized Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:05",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "45989",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45989/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-12-12T15:30:00.000Z",
"ID": "CVE-2018-7690",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortify Software Security Center (SSC)",
"version": {
"version_data": [
{
"version_value": "17.10, 17.20, 18.10"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access"
}
]
},
"exploit": [
{
"lang": "en",
"value": "Remote Unauthorized Access"
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Unauthorized Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45989",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45989/"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03298201",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03298201"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7690",
"datePublished": "2018-12-13T14:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-17T02:32:23.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6486 (GCVE-0-2018-6486)
Vulnerability from nvd – Published: 2018-02-02 14:00 – Updated: 2024-09-16 16:28
VLAI?
Title
MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection
Summary
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.
Severity ?
7.3 (High)
CWE
- XML External Entity (XXE)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC) |
Affected:
16.10, 16.20, 17.10
|
Credits
Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102902",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "16.10, 16.20, 17.10"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com"
}
],
"datePublic": "2018-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML External Entity (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:24",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "102902",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
}
],
"title": "MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-02-01T18:58:00.000Z",
"ID": "CVE-2018-6486",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)",
"version": {
"version_data": [
{
"version_value": "16.10, 16.20, 17.10"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
"Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."
}
]
},
"exploit": "XML External Entity (XXE)",
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102902",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102902"
},
{
"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-6486",
"datePublished": "2018-02-02T14:00:00Z",
"dateReserved": "2018-02-01T00:00:00",
"dateUpdated": "2024-09-16T16:28:00.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}