CVE-2018-7691

MEDIUM

Micro Focus Fortify SSC <18.10 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-7691. PoCs published by alt3kx.

AI-analyzed exploit summary The exploit demonstrates an Insecure Direct Object Reference (IDOR) vulnerability in Fortify SSC's REST API, allowing authenticated users with view-only privileges to extract arbitrary details of local and LDAP users via a crafted POST request to the /api/v1/bulk endpoint.

Description

A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access

Exploits (2)

exploitdb WORKING POC VERIFIED
by alt3kx · textwebappsmultiple
https://www.exploit-db.com/exploits/45990

The exploit demonstrates an Insecure Direct Object Reference (IDOR) vulnerability in Fortify SSC's REST API, allowing authenticated users with view-only privileges to extract arbitrary details of local and LDAP users via a crafted POST request to the /api/v1/bulk endpoint.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Fortify SSC (Software Security Center) 17.10, 17.20, 18.10
Auth required
Prerequisites: Authenticated session with view-only role · Access to the target Fortify SSC instance · curl and jq for automation
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WRITEUP 1 stars
by alt3kx · poc
https://github.com/alt3kx/CVE-2018-7691

This repository contains a writeup for CVE-2018-7691, detailing an Insecure Direct Object Reference (IDOR) vulnerability in Fortify SSC REST API. The vulnerability allows authenticated users to access arbitrary user details and project information via POST and GET methods.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Fortify SSC versions 17.10, 17.20, and 18.10
Auth required
Prerequisites: Authenticated access to the Fortify SSC REST API
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45990/

Scores

CVSS v3 6.5
EPSS 0.0723
EPSS Percentile 93.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (3)
microfocus/fortify_software_security_center 17.10
microfocus/fortify_software_security_center 17.20
microfocus/fortify_software_security_center 18.10
Published Dec 13, 2018
Tracked Since Feb 18, 2026