Threat Encyclopedia

Micro.Focus.Fortify.SSC.XML.XXE

Description

This indicates an attack attempt against an XML external entity (XXE) vulnerability in MicroFocus Fortify Software Security Center (SSC).
The vulnerability is due to an error in the application when handling a crafted XML file. A remote attacker can exploit this to gain unauthorized access to sensitive information, or to execute arbitrary code as the target software, via a crafted XML file.

Affected Products

MicroFocus Fortify Software Security Center 17.1
MicroFocus Fortify Software Security Center 17.2
MicroFocus Fortify Software Security Center 18.1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the latest patch from the vendor.
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03201563

CVE References

CVE-2018-12463