Adding CVE-2018-6486

2025-08-04 08:44:25 +00:00 · 2018-02-01 14:44:47 -08:00 · 2018-02-01 14:44:47 -08:00 · 77f05ed0d7
commit 77f05ed0d7
parent a38d22996d
1 changed files with 76 additions and 12 deletions
--- a/2018/6xxx/CVE-2018-6486.json
+++ b/2018/6xxx/CVE-2018-6486.json
@ -1,18 +1,82 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-6486",
-      "STATE" : "RESERVED"
+   "CVE_data_meta": {
+      "ASSIGNER": "security@microfocus.com",
+      "DATE_PUBLIC": "2018-02-01T18:58:00.000Z",
+      "ID": "CVE-2018-6486",
+      "STATE": "PUBLIC",
+      "TITLE": "MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection"
   },
-   "data_format" : "MITRE",
-   "data_type" : "CVE",
-   "data_version" : "4.0",
-   "description" : {
-      "description_data" : [
+   "affects": {
+      "vendor": {
+         "vendor_data": [
+            {
+               "product": {
+                  "product_data": [
+                     {
+                        "product_name": "Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)",
+                        "version": {
+                           "version_data": [
+                              {
+                                 "version_value": "16.10, 16.20, 17.10"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name": "Micro Focus"
+            }
+         ]
+      }
+   },
+   "credit": [
+      "Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com"
+   ],
+   "data_format": "MITRE",
+   "data_type": "CVE",
+   "data_version": "4.0",
+   "description": {
+      "description_data": [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            "lang": "eng",
+            "value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."
+         }
+      ]
+   },
+   "exploit": "XML External Entity (XXE)",
+   "impact": {
+      "cvss": {
+         "attackComplexity": "LOW",
+         "attackVector": "NETWORK",
+         "availabilityImpact": "LOW",
+         "baseScore": 7.3,
+         "baseSeverity": "HIGH",
+         "confidentialityImpact": "LOW",
+         "integrityImpact": "LOW",
+         "privilegesRequired": "NONE",
+         "scope": "UNCHANGED",
+         "userInteraction": "NONE",
+         "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+         "version": "3.0"
+      }
+   },
+   "problemtype": {
+      "problemtype_data": [
+         {
+            "description": [
+               {
+                  "lang": "eng",
+                  "value": "XML External Entity (XXE)"
+               }
+            ]
+         }
+      ]
+   },
+   "references": {
+      "reference_data": [
+         {
+            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
         }
      ]
   }
-}
+}