Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
2 vulnerabilities found for fortify_audit_workbench by microfocus
CVE-2018-6486 (GCVE-0-2018-6486)
Vulnerability from nvd – Published: 2018-02-02 14:00 – Updated: 2024-09-16 16:28
VLAI?
Title
MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection
Summary
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.
Severity ?
7.3 (High)
CWE
- XML External Entity (XXE)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC) |
Affected:
16.10, 16.20, 17.10
|
Date Public ?
2018-02-01 00:00
Credits
Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102902",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "16.10, 16.20, 17.10"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com"
}
],
"datePublic": "2018-02-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML External Entity (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:24.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "102902",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
}
],
"title": "MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-02-01T18:58:00.000Z",
"ID": "CVE-2018-6486",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)",
"version": {
"version_data": [
{
"version_value": "16.10, 16.20, 17.10"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
"Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."
}
]
},
"exploit": "XML External Entity (XXE)",
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102902",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102902"
},
{
"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-6486",
"datePublished": "2018-02-02T14:00:00.000Z",
"dateReserved": "2018-02-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:28:00.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6486 (GCVE-0-2018-6486)
Vulnerability from cvelistv5 – Published: 2018-02-02 14:00 – Updated: 2024-09-16 16:28
VLAI?
Title
MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection
Summary
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.
Severity ?
7.3 (High)
CWE
- XML External Entity (XXE)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC) |
Affected:
16.10, 16.20, 17.10
|
Date Public ?
2018-02-01 00:00
Credits
Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:49.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102902",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102902"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "16.10, 16.20, 17.10"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com"
}
],
"datePublic": "2018-02-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML External Entity (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:24.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "102902",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102902"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
}
],
"title": "MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-02-01T18:58:00.000Z",
"ID": "CVE-2018-6486",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)",
"version": {
"version_data": [
{
"version_value": "16.10, 16.20, 17.10"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
"Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."
}
]
},
"exploit": "XML External Entity (XXE)",
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102902",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102902"
},
{
"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-6486",
"datePublished": "2018-02-02T14:00:00.000Z",
"dateReserved": "2018-02-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:28:00.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}