Vulnerabilities > CVE-2018-12463 - XXE vulnerability in HP Fortify Software Security Center 17.1/17.2/18.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection. CVE-2018-12463. Webapps exploit for Java platform |
file | exploits/java/webapps/45027.txt |
id | EDB-ID:45027 |
last seen | 2018-07-16 |
modified | 2018-07-16 |
platform | java |
port | |
published | 2018-07-16 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/45027/ |
title | Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection |
type | webapps |
Packetstorm
data source | https://packetstormsecurity.com/files/download/148539/CVE-2018-12463.txt |
id | PACKETSTORM:148539 |
last seen | 2018-07-14 |
published | 2018-07-13 |
reporter | Alt3kx |
source | https://packetstormsecurity.com/files/148539/Fortify-SSC-17.10-17.20-18.10-XXE-Injection.html |
title | Fortify SSC 17.10 / 17.20 / 18.10 XXE Injection |
References
- http://www.securitytracker.com/id/1041286
- http://www.securitytracker.com/id/1041286
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03201563
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03201563
- https://www.exploit-db.com/exploits/45027/
- https://www.exploit-db.com/exploits/45027/