CVE-2018-12463 – MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities
https://notcve.org/view.php?id=CVE-2018-12463
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC) versions 17.1, 17.2, and 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Fortify SSC versions 17.10, 17.20, and 18.10 suffer from an out-of-band XML external entity injection vulnerability.
• https://www.exploit-db.com/exploits/45027
• https://github.com/alt3kx/CVE-2018-12463
• http://www.securitytracker.com/id/1041286
• https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03201563
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2012-3249
https://notcve.org/view.php?id=CVE-2012-3249
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors.
• https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03447895
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-3248
https://notcve.org/view.php?id=CVE-2012-3248
HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors.
• http://www.securitytracker.com/id?1027398
• https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03447824
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor