4 matches found
CVE-2019-11649
The CVE refers to a Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server (SSC) affecting versions 17.2, 18.1, and 18.2. Technical details across connected sources indicate the root cause as insufficient validation of client-side data in the SSC web application...
CVE-2018-7691
CVE-2018-7691 affects Micro Focus Fortify Software Security Center (SSC) versions 17.10, 17.20 and 18.10. The root cause is insecure direct object references (IDOR) in the REST API: ownership of the field "authEntities" is not properly checked, allowing remote authenticated (view-only) users to r...
CVE-2018-7690
Fortify Software Security Center (SSC) REST-API for Fortify SSC versions 17.10, 17.20 and 18.10 contains an insecure direct object references (IDOR) vulnerability. The issue allows remote authenticated (view-only) users to read arbitrary details of other users’ Fortify projects via GET requests t...
CVE-2018-6486
CVE-2018-6486 is an XML External Entity (XXE) injection vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), affecting versions 16.10, 16.20, and 17.10. The issue arises from XXE handling in these products, enabling an attacker to expl...