CVE-2018-12463

high-risk

Published 2018-07-12

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Do I need to act?

21.9% chance of exploitation in next 30 days

EPSS score — higher than 78% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

45027

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (3)

Fortify Software Security Center

Affected Vendors

References (6)

http://www.securitytracker.com/id/1041286

https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM032015...

https://www.exploit-db.com/exploits/45027/

http://www.securitytracker.com/id/1041286

https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM032015...

https://www.exploit-db.com/exploits/45027/

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 21/34 · High

Exposure 9/34 · Low