Vulnerability Details CVE-2018-12463
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), versions 17.1, 17.2, and 18.1, allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.193
EPSS Ranking 95.1%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 7.5
Products affected by CVE-2018-12463
- cpe:2.3:a:hp:fortify_software_security_center:17.1
- cpe:2.3:a:hp:fortify_software_security_center:17.2
- cpe:2.3:a:hp:fortify_software_security_center:18.1