{ "CVE_data_meta": { "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2018-02-01T18:58:00.000Z", "ID": "CVE-2018-6486", "STATE": "PUBLIC", "TITLE": "MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)", "version": { "version_data": [ { "version_value": "16.10, 16.20, 17.10" } ] } } ] }, "vendor_name": "Micro Focus" } ] } }, "credit": [ "Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com" ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection." } ] }, "exploit": "XML External Entity (XXE)", "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "XML External Entity (XXE)" } ] } ] }, "references": { "reference_data": [ { "name": "102902", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102902" }, { "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653", "refsource": "CONFIRM", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653" } ] } }