CVE-2018-12463 HIGH

CVE-2018-12463: MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities

Vendor Micro Focus
Product Fortify Software Security Center
Published July 12, 2018
Last update September 16, 2024

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), versions 17.1, 17.2, and 18.1, allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Key dates

02 Disclosure timeline

July 12, 2018 CVE published
September 16, 2024 Record updated