CVE-2018-6486

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.

Published : 2018-02-02 14:29 Updated : 2019-10-09 23:41

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Microfocus Fortify Audit Workbench 16.10 cpe:/a:microfocus:fortify_audit_workbench:16.10
Microfocus Fortify Audit Workbench 16.20 cpe:/a:microfocus:fortify_audit_workbench:16.20
Microfocus Fortify Audit Workbench 17.10 cpe:/a:microfocus:fortify_audit_workbench:17.10
Microfocus Fortify Software Security Center 16.10 cpe:/a:microfocus:fortify_software_security_center:16.10
Microfocus Fortify Software Security Center 16.20 cpe:/a:microfocus:fortify_software_security_center:16.20
Microfocus Fortify Software Security Center 17.10 cpe:/a:microfocus:fortify_software_security_center:17.10
  1. Microfocus (2) Search CVE
    1. Fortify Software Security Center (3) Search CVE
      1. 16.10
      2. 16.20
      3. 17.10
    2. Fortify Audit Workbench (3) Search CVE
      1. 16.10
      2. 16.20
      3. 17.10

CWE

ID Name Description Links
CWE-611 Improper Restriction of XML External Entity Reference ('XXE') The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. CVE

History of changes

Date Event
2018-02-27 18:28
2018-02-04 02:29
2018-02-02 14:29

New CVE