Vulnerabilities > CVE-2018-12463 - XXE vulnerability in HP Fortify Software Security Center 17.1/17.2/18.1

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
hp
CWE-611
critical
exploit available
NVD
Published: 2018-07-12
Updated: 2023-11-07

Summary

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Vulnerable Configurations

Part Description Count
Application
Hp
3

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionFortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection. CVE-2018-12463. Webapps exploit for Java platform
fileexploits/java/webapps/45027.txt
idEDB-ID:45027
last seen2018-07-16
modified2018-07-16
platformjava
port
published2018-07-16
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/45027/
titleFortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/148539/CVE-2018-12463.txt
idPACKETSTORM:148539
last seen2018-07-14
published2018-07-13
reporterAlt3kx
sourcehttps://packetstormsecurity.com/files/148539/Fortify-SSC-17.10-17.20-18.10-XXE-Injection.html
titleFortify SSC 17.10 / 17.20 / 18.10 XXE Injection

References