From 77f05ed0d7db4c3526aea3af512ac9e07a2cfadf Mon Sep 17 00:00:00 2001
From: Kokhanyy
Date: Thu, 1 Feb 2018 14:44:47 -0800
Subject: [PATCH] Adding CVE-2018-6486
---
 2018/6xxx/CVE-2018-6486.json | 88 +++++++++++++++++++++++++++++++-----
 1 file changed, 76 insertions(+), 12 deletions(-)
diff --git a/2018/6xxx/CVE-2018-6486.json b/2018/6xxx/CVE-2018-6486.json
index ccdb4483850..2d80a2d16b6 100644
--- a/2018/6xxx/CVE-2018-6486.json
+++ b/2018/6xxx/CVE-2018-6486.json
@@ -1,18 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-6486",
- "STATE" : "RESERVED"
+ "CVE_data_meta": {
+ "ASSIGNER": "security@microfocus.com",
+ "DATE_PUBLIC": "2018-02-01T18:58:00.000Z",
+ "ID": "CVE-2018-6486",
+ "STATE": "PUBLIC",
+ "TITLE": "MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection"
 },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "16.10, 16.20, 17.10"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Micro Focus"
+ }
+ ]
+ }
+ },
+ "credit": [
+ "Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com"
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
 {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "lang": "eng",
+ "value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."
+ }
+ ]
+ },
+ "exploit": "XML External Entity (XXE)",
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XML External Entity (XXE)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"
 }
 ]
 }
-}
+}
\ No newline at end of file
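Review bot: The `affects` block packs two products into a single `product_name` string and three releases into `"version_value": "16.10, 16.20, 17.10"`, so tooling that matches on exact product or version values will likely fail to flag affected installs. AWB and SSC should each get their own `product_data` entry, with every release as a separate element such as `{ "version_value": "16.10" }`. The `problemtype` value would also be easier to consume if it carried the CWE identifier, e.g. `"value": "CWE-611 XML External Entity (XXE)"`. The second sentence of the description only restates the vulnerability class; a statement of what an unauthenticated network attacker gains, consistent with the C:L/I:L/A:L vector, would help triage. The new file also drops its trailing newline.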