cvelistv5 - cve-2018-6486

CVE-2018-6486 (GCVE-0-2018-6486)

Vulnerability from cvelistv5

Published

2018-02-02 14:00

Modified

2024-09-16 16:28

Severity ?

7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

XML External Entity (XXE)

Summary

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.

References

▼	URL	Tags
	security@opentext.com	http://www.securityfocus.com/bid/102902
	security@opentext.com	https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102902
	af854a3a-2127-422b-91ae-364da2661108	https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653

Impacted products

	Vendor	Product	Version
	Micro Focus	Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)	Version: 16.10, 16.20, 17.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:01:49.279Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102902",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102902"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)",
          "vendor": "Micro Focus",
          "versions": [
            {
              "status": "affected",
              "version": "16.10, 16.20, 17.10"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com"
        }
      ],
      "datePublic": "2018-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XML External Entity (XXE)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:24",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "name": "102902",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102902"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
        }
      ],
      "title": "MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "DATE_PUBLIC": "2018-02-01T18:58:00.000Z",
          "ID": "CVE-2018-6486",
          "STATE": "PUBLIC",
          "TITLE": "MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "16.10, 16.20, 17.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Micro Focus"
              }
            ]
          }
        },
        "credit": [
          "Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com"
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."
            }
          ]
        },
        "exploit": "XML External Entity (XXE)",
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "XML External Entity (XXE)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102902",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102902"
            },
            {
              "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653",
              "refsource": "CONFIRM",
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2018-6486",
    "datePublished": "2018-02-02T14:00:00Z",
    "dateReserved": "2018-02-01T00:00:00",
    "dateUpdated": "2024-09-16T16:28:00.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-6486\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2018-02-02T14:29:01.497\",\"lastModified\":\"2024-11-21T04:10:45.413\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad XEE (XML External Entity) en Micro Focus Fortify Audit Workbench (AWB) y Micro Focus Fortify Software Security Center (SSC), versiones 16.10, 16.20 y 17.10. Esta vulnerabilidad podr\u00eda ser explotada para permitir inyecci\u00f3n XEE (XML External Entity).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:fortify_audit_workbench:16.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCAC9EC0-3C36-465E-9687-B61BB7E5CD2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:fortify_audit_workbench:16.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADB15BAB-2A01-4505-B23A-6733FEA144F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:fortify_audit_workbench:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52BE8B0D-5180-4277-9A5B-0DF0C89A9FDB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:fortify_software_security_center:16.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA657021-3719-4055-BE1F-6402E976D68E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:fortify_software_security_center:16.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C7D5750-8985-4AE0-B3AE-D31E278027AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:fortify_software_security_center:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E137D7D-8108-4EE2-9800-EAC66AB82D77\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102902\",\"source\":\"security@opentext.com\"},{\"url\":\"https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653\",\"source\":\"security@opentext.com\"},{\"url\":\"http://www.securityfocus.com/bid/102902\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-j28w-mfmp-m73w

Vulnerability from github

Published

2022-05-13 01:32

Modified

2022-05-13 01:32

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-6486"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-02T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.",
  "id": "GHSA-j28w-mfmp-m73w",
  "modified": "2022-05-13T01:32:01Z",
  "published": "2022-05-13T01:32:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6486"
    },
    {
      "type": "WEB",
      "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102902"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2018-6486

Vulnerability from fkie_nvd

Published

2018-02-02 14:29

Modified

2024-11-21 04:10

Severity ?

7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	security@opentext.com	http://www.securityfocus.com/bid/102902
	security@opentext.com	https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102902
	af854a3a-2127-422b-91ae-364da2661108	https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653

Impacted products

Vendor	Product	Version
microfocus	fortify_audit_workbench	16.10
microfocus	fortify_audit_workbench	16.20
microfocus	fortify_audit_workbench	17.10
microfocus	fortify_software_security_center	16.10
microfocus	fortify_software_security_center	16.20
microfocus	fortify_software_security_center	17.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:fortify_audit_workbench:16.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCAC9EC0-3C36-465E-9687-B61BB7E5CD2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:fortify_audit_workbench:16.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB15BAB-2A01-4505-B23A-6733FEA144F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:fortify_audit_workbench:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BE8B0D-5180-4277-9A5B-0DF0C89A9FDB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:16.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA657021-3719-4055-BE1F-6402E976D68E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:16.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C7D5750-8985-4AE0-B3AE-D31E278027AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E137D7D-8108-4EE2-9800-EAC66AB82D77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XEE (XML External Entity) en Micro Focus Fortify Audit Workbench (AWB) y Micro Focus Fortify Software Security Center (SSC), versiones 16.10, 16.20 y 17.10. Esta vulnerabilidad podr\u00eda ser explotada para permitir inyecci\u00f3n XEE (XML External Entity)."
    }
  ],
  "id": "CVE-2018-6486",
  "lastModified": "2024-11-21T04:10:45.413",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "security@opentext.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-02T14:29:01.497",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "http://www.securityfocus.com/bid/102902"
    },
    {
      "source": "security@opentext.com",
      "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/102902"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2018-04838

Vulnerability from cnvd

Title: Micro Focus Fortify Audit Workbench和Fortify Software Security Center XML外部实体注入漏洞

Description:

Micro Focus Fortify Audit Workbench（AWB）和Micro Focus Fortify Software Security Center（SSC）都是英国Micro Focus公司的产品。Micro Focus Fortify Audit Workbench（AWB）是一套软件安全审计平台。Micro Focus Fortify Software Security Center（SSC）是一套软件安全管理平台。

Micro Focus Fortify AWB和Micro Focus Fortify SSC中存在XML外部实体注入漏洞。攻击者可利用该漏洞获取敏感信息的访问权限或造成拒绝服务。

Severity: 高

Patch Name: Micro Focus Fortify Audit Workbench和Fortify Software Security Center XML外部实体注入漏洞的补丁

Patch Description:

Micro Focus Fortify AWB和Micro Focus Fortify SSC中存在XML外部实体注入漏洞。攻击者可利用该漏洞获取敏感信息的访问权限或造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653

Reference: https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653

Impacted products

Name
['Micro Focus Fortify Audit Workbench 16.10', 'Micro Focus Fortify Audit Workbench 16.20', 'Micro Focus Fortify Audit Workbench 17.10', 'Micro Focus Fortify Software Security Center 16.10', 'Micro Focus Fortify Software Security Center 16.20', 'Micro Focus Fortify Software Security Center 17.10']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-6486"
    }
  },
  "description": "Micro Focus Fortify Audit Workbench\uff08AWB\uff09\u548cMicro Focus Fortify Software Security Center\uff08SSC\uff09\u90fd\u662f\u82f1\u56fdMicro Focus\u516c\u53f8\u7684\u4ea7\u54c1\u3002Micro Focus Fortify Audit Workbench\uff08AWB\uff09\u662f\u4e00\u5957\u8f6f\u4ef6\u5b89\u5168\u5ba1\u8ba1\u5e73\u53f0\u3002Micro Focus Fortify Software Security Center\uff08SSC\uff09\u662f\u4e00\u5957\u8f6f\u4ef6\u5b89\u5168\u7ba1\u7406\u5e73\u53f0\u3002\r\n\r\nMicro Focus Fortify AWB\u548cMicro Focus Fortify SSC\u4e2d\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u7684\u8bbf\u95ee\u6743\u9650\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04838",
  "openTime": "2018-03-12",
  "patchDescription": "Micro Focus Fortify Audit Workbench\uff08AWB\uff09\u548cMicro Focus Fortify Software Security Center\uff08SSC\uff09\u90fd\u662f\u82f1\u56fdMicro Focus\u516c\u53f8\u7684\u4ea7\u54c1\u3002Micro Focus Fortify Audit Workbench\uff08AWB\uff09\u662f\u4e00\u5957\u8f6f\u4ef6\u5b89\u5168\u5ba1\u8ba1\u5e73\u53f0\u3002Micro Focus Fortify Software Security Center\uff08SSC\uff09\u662f\u4e00\u5957\u8f6f\u4ef6\u5b89\u5168\u7ba1\u7406\u5e73\u53f0\u3002\r\n\r\nMicro Focus Fortify AWB\u548cMicro Focus Fortify SSC\u4e2d\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u7684\u8bbf\u95ee\u6743\u9650\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Micro Focus Fortify Audit Workbench\u548cFortify Software Security Center XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Micro Focus Fortify Audit Workbench 16.10",
      "Micro Focus Fortify Audit Workbench 16.20",
      "Micro Focus Fortify Audit Workbench 17.10",
      "Micro Focus Fortify Software Security Center 16.10",
      "Micro Focus Fortify Software Security Center 16.20",
      "Micro Focus Fortify Software Security Center 17.10"
    ]
  },
  "referenceLink": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653",
  "serverity": "\u9ad8",
  "submitTime": "2018-02-05",
  "title": "Micro Focus Fortify Audit Workbench\u548cFortify Software Security Center XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e"
}

gsd-2018-6486

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-6486

Aliases

CVE-2018-6486

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-6486",
    "description": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.",
    "id": "GSD-2018-6486"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-6486"
      ],
      "details": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.",
      "id": "GSD-2018-6486",
      "modified": "2023-12-13T01:22:35.652758Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@microfocus.com",
        "DATE_PUBLIC": "2018-02-01T18:58:00.000Z",
        "ID": "CVE-2018-6486",
        "STATE": "PUBLIC",
        "TITLE": "MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "16.10, 16.20, 17.10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Micro Focus"
            }
          ]
        }
      },
      "credit": [
        "Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com"
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."
          }
        ]
      },
      "exploit": "XML External Entity (XXE)",
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "XML External Entity (XXE)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "102902",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102902"
          },
          {
            "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653",
            "refsource": "CONFIRM",
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microfocus:fortify_audit_workbench:16.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microfocus:fortify_audit_workbench:16.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microfocus:fortify_audit_workbench:17.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microfocus:fortify_software_security_center:16.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microfocus:fortify_software_security_center:17.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microfocus:fortify_software_security_center:16.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "ID": "CVE-2018-6486"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-611"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
            },
            {
              "name": "102902",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102902"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:41Z",
      "publishedDate": "2018-02-02T14:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-6486 (GCVE-0-2018-6486)

Vulnerability from cvelistv5

ghsa-j28w-mfmp-m73w

Vulnerability from github

fkie_cve-2018-6486

Vulnerability from fkie_nvd

cnvd-2018-04838

Vulnerability from cnvd

gsd-2018-6486

Vulnerability from gsd

Tags

Sightings

Nomenclature