Micro.Focus.Fortify.SSC.XML.XXE
Description
This indicates an attack attempt against a XML external entity (XXE) vulnerability in MicroFocus Fortify Software Security Center (SSC).
The vulnerabilities is due to an error in the application when handling a crafted XML file. A remote attacker can exploit this to gain unauthorized access to sensitive information, or to execute arbitrary code as the target software, via a crafted XML file.
Affected Products
MicroFocus Fortify Software Security Center 17.1
MicroFocus Fortify Software Security Center 17.2
MicroFocus Fortify Software Security Center 18.1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the latest patch from the vendor.
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03201563
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |