Lucene search
K
MicrofocusFortify Software Security Center

4 matches found

CVE
CVE
added 2019/06/19 4:6 p.m.83 views

CVE-2019-11649

The CVE refers to a Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server (SSC) affecting versions 17.2, 18.1, and 18.2. Technical details across connected sources indicate the root cause as insufficient validation of client-side data in the SSC web application...

5.4CVSS5.4AI score0.00622EPSS
CVE
CVE
added 2018/12/13 2:0 p.m.68 views

CVE-2018-7691

CVE-2018-7691 affects Micro Focus Fortify Software Security Center (SSC) versions 17.10, 17.20 and 18.10. The root cause is insecure direct object references (IDOR) in the REST API: ownership of the field "authEntities" is not properly checked, allowing remote authenticated (view-only) users to r...

6.5CVSS6.4AI score0.07234EPSS
Web
CVE
CVE
added 2018/12/13 2:0 p.m.61 views

CVE-2018-7690

Fortify Software Security Center (SSC) REST-API for Fortify SSC versions 17.10, 17.20 and 18.10 contains an insecure direct object references (IDOR) vulnerability. The issue allows remote authenticated (view-only) users to read arbitrary details of other users’ Fortify projects via GET requests t...

6.5CVSS6.4AI score0.07411EPSS
Web
CVE
CVE
added 2018/02/02 2:0 p.m.45 views

CVE-2018-6486

CVE-2018-6486 is an XML External Entity (XXE) injection vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), affecting versions 16.10, 16.20, and 17.10. The issue arises from XXE handling in these products, enabling an attacker to expl...

9.8CVSS8.6AI score0.01216EPSS