CVE-2018-6486

{"id": "CVE-2018-6486", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-02-02T14:29:01.497", "references": [{"url": "http://www.securityfocus.com/bid/102902", "source": "[email protected]"}, {"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653", "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/102902", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."}, {"lang": "es", "value": "Vulnerabilidad XEE (XML External Entity) en Micro Focus Fortify Audit Workbench (AWB) y Micro Focus Fortify Software Security Center (SSC), versiones 16.10, 16.20 y 17.10. Esta vulnerabilidad podr\u00eda ser explotada para permitir inyecci\u00f3n XEE (XML External Entity)."}], "lastModified": "2024-11-21T04:10:45.413", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:fortify_audit_workbench:16.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCAC9EC0-3C36-465E-9687-B61BB7E5CD2B"}, {"criteria": "cpe:2.3:a:microfocus:fortify_audit_workbench:16.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADB15BAB-2A01-4505-B23A-6733FEA144F8"}, {"criteria": "cpe:2.3:a:microfocus:fortify_audit_workbench:17.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52BE8B0D-5180-4277-9A5B-0DF0C89A9FDB"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:16.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA657021-3719-4055-BE1F-6402E976D68E"}, {"criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:16.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C7D5750-8985-4AE0-B3AE-D31E278027AC"}, {"criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:17.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E137D7D-8108-4EE2-9800-EAC66AB82D77"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}