virus logo Intrusion Prevention

Micro.Focus.Fortify.SSC.XML.XXE

description-logoDescription

This indicates an attack attempt against a XML external entity (XXE) vulnerability in MicroFocus Fortify Software Security Center (SSC).
The vulnerabilities is due to an error in the application when handling a crafted XML file. A remote attacker can exploit this to gain unauthorized access to sensitive information, or to execute arbitrary code as the target software, via a crafted XML file.

affected-products-logoAffected Products

MicroFocus Fortify Software Security Center 17.1
MicroFocus Fortify Software Security Center 17.2
MicroFocus Fortify Software Security Center 18.1

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the latest patch from the vendor.
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03201563

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-11-22 15.729 Name:MicroFocus.
Fortify.
SSC.
XML.
XXE:Micro.
Focus.
Fortify.
SSC.
XML.
XXE
2019-05-24 14.620 Default_action:pass:drop
2019-05-10 14.612

References

https://softwaresupport.softwaregrp.com/doc/KM03201563 45027
ID 47823
Created May 10, 2019
Updated Feb 08, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2018-12463
Exploit Prediction Score 17.2%
Default Action drop
Active
Affected OS Windows, Linux
Affected App Other