4 results (0.016 seconds)

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s browser. The vulnerability could be exploited to execute JavaScript code in user’s browser. La vulnerabilidad de secuencias de comandos entre sitios en Micro Focus Fortify Software Security Center Server, versiones 17.2, 18.1, 18.2, se ha identificado en Micro Focus Software Security Center. La vulnerabilidad podría explotarse para ejecutar código JavaScript en el navegador del usuario. • https://softwaresupport.softwaregrp.com/doc/KM03461174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2

A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access Un potencial acceso remoto no autorizado en Micro Focus Fortify Software Security Center (SSC) 17.10, 17.20 y 18.10 podría permitir el acceso remoto no autorizado. Fortify Software Security Center versions 17.10, 17.20, and 18.10 suffer from an insecure direct object reference vulnerability related to extracting local and ldap users. • https://www.exploit-db.com/exploits/45990 https://github.com/alt3kx/CVE-2018-7691 https://softwaresupport.softwaregrp.com/doc/KM03298201 •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2

A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access Un potencial acceso remoto no autorizado en Micro Focus Fortify Software Security Center (SSC) 17.10, 17.20 y 18.10 podría permitir el acceso remoto no autorizado. Fortify Software Security Center versions 17.10, 17.20, and 18.10 suffer from an insecure direct object reference vulnerability related to user projects. • https://www.exploit-db.com/exploits/45989 https://github.com/alt3kx/CVE-2018-7690 https://softwaresupport.softwaregrp.com/doc/KM03298201 •

CVSS: 9.8EPSS: 16%CPEs: 3EXPL: 2

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Una vulnerabilidad de XEE (XML External Entity) en Fortify Software Security Center (SSC) en versiones 17.1, 17.2 y 18.1 permite que usuarios remotos no autenticados lean archivos arbitrarios o lleven a cabo ataques de SSRF (Server-Side Request Forgery) mediante un DTD manipulado en una petición XML. Fortify SSC versions 17.10, 17.20, and 18.10 suffer from an out-of-band XML external entity injection vulnerability. • https://www.exploit-db.com/exploits/45027 https://github.com/alt3kx/CVE-2018-12463 http://www.securitytracker.com/id/1041286 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03201563 • CWE-611: Improper Restriction of XML External Entity Reference •