CVE-2018-7691
MFSBGN03835 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access
Severity Score: 6.5 (CVSS v3)
Public Exploits: 2 (multiple sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
A potential remote unauthorized access vulnerability in Micro Focus Fortify Software Security Center (SSC) versions 17.10, 17.20, and 18.10 could allow remote unauthorized access.
Fortify Software Security Center versions 17.10, 17.20, and 18.10 suffer from an insecure direct object reference vulnerability related to extracting local and LDAP users.
*Credits:
Micro Focus would like to extend a special thanks to Alex Hernandez, aka alt3kx, for responsibly disclosing this vulnerability.
Timeline
- 2018-03-05 CVE Reserved
- 2018-12-13 CVE Published
- 2018-12-15 First Exploit
- 2024-03-23 EPSS Updated
- 2024-09-16 CVE Updated
References (3)
URL | Tag |
---|---|
https://softwaresupport.softwaregrp.com/doc/KM03298201 | X_refsource_misc |

URL | Date |
---|---|
https://www.exploit-db.com/exploits/45990 | 2024-09-16 |
https://github.com/alt3kx/CVE-2018-7691 | 2018-12-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Microfocus | Fortify Software Security Center | 17.10 | - | Affected |
Microfocus | Fortify Software Security Center | 17.20 | - | Affected |
Microfocus | Fortify Software Security Center | 18.10 | - | Affected |