CVE-2018-6486
HIGHMicro Focus Fortify Audit Workbench and Software Security Center 16.10, 16.20, 17.10 - XML External Entity Injection
Title source: llmDescription
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102902
Various Sources x_refsource_confirm
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653
Scores
CVSS v3
7.3
EPSS
0.0021
EPSS Percentile
43.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-611
Status
published
Products (6)
microfocus/fortify_audit_workbench
16.10
microfocus/fortify_audit_workbench
16.20
microfocus/fortify_audit_workbench
17.10
microfocus/fortify_software_security_center
16.10
microfocus/fortify_software_security_center
16.20
microfocus/fortify_software_security_center
17.10
Published
Feb 02, 2018
Tracked Since
Feb 18, 2026