CVSS: 9.8EPSS: 16%CPEs: 3EXPL: 2CVE-2018-12463 – MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities
https://notcve.org/view.php?id=CVE-2018-12463
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Una vulnerabilidad de XEE (XML External Entity) en Fortify Software Security Center (SSC) en versiones 17.1, 17.2 y 18.1 permite que usuarios remotos no autenticados lean archivos arbitrarios o lleven a cabo ataques de SSRF (Server-Side Request Forgery) mediante un DTD manipulado en una petición XML. Fortify SSC versions 17.10, 17.20, and 18.10 suffer from an out-of-band XML external entity injection vulnerability. • https://www.exploit-db.com/exploits/45027 https://github.com/alt3kx/CVE-2018-12463 http://www.securitytracker.com/id/1041286 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03201563 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-6486 – MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection
https://notcve.org/view.php?id=CVE-2018-6486
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection. Vulnerabilidad XEE (XML External Entity) en Micro Focus Fortify Audit Workbench (AWB) y Micro Focus Fortify Software Security Center (SSC), versiones 16.10, 16.20 y 17.10. Esta vulnerabilidad podría ser explotada para permitir inyección XEE (XML External Entity). • http://www.securityfocus.com/bid/102902 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653 • CWE-611: Improper Restriction of XML External Entity Reference •