{"api_version":"1","generated_at":"2026-05-13T06:37:10+00:00","cve":"CVE-2018-6486","urls":{"html":"https://cve.report/CVE-2018-6486","api":"https://cve.report/api/cve/CVE-2018-6486.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-6486","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-6486"},"summary":{"title":"CVE-2018-6486","description":"XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.","state":"PUBLIC","assigner":"security@microfocus.com","published_at":"2018-02-02 14:29:00","updated_at":"2023-11-07 02:59:00"},"problem_types":["CWE-611"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/102902","name":"102902","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Multiple HP Fortify Products CVE-2018-6486 XML External Entity Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653","name":"https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653","refsource":"","tags":[],"title":"MySupport - Micro Focus Software Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-6486","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6486","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"6486","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"fortify_audit_workbench","cpe6":"16.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6486","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"fortify_audit_workbench","cpe6":"16.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6486","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"fortify_audit_workbench","cpe6":"17.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6486","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"fortify_audit_workbench","cpe6":"16.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6486","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"fortify_audit_workbench","cpe6":"16.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6486","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"fortify_audit_workbench","cpe6":"17.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6486","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"fortify_software_security_center","cpe6":"16.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6486","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"fortify_software_security_center","cpe6":"16.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6486","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"fortify_software_security_center","cpe6":"17.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6486","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"fortify_software_security_center","cpe6":"16.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6486","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"fortify_software_security_center","cpe6":"16.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6486","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microfocus","cpe5":"fortify_software_security_center","cpe6":"17.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@microfocus.com","DATE_PUBLIC":"2018-02-01T18:58:00.000Z","ID":"CVE-2018-6486","STATE":"PUBLIC","TITLE":"MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC)","version":{"version_data":[{"version_value":"16.10, 16.20, 17.10"}]}}]},"vendor_name":"Micro Focus"}]}},"credit":["Micro Focus would like to thank Jakub Palaczynski for reporting this issue to security-alert@hpe.com"],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection."}]},"exploit":"XML External Entity (XXE)","impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7.3,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"XML External Entity (XXE)"}]}]},"references":{"reference_data":[{"name":"102902","refsource":"BID","url":"http://www.securityfocus.com/bid/102902"},{"name":"https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653","refsource":"CONFIRM","url":"https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03083653"}]}},"nvd":{"publishedDate":"2018-02-02 14:29:00","lastModifiedDate":"2023-11-07 02:59:00","problem_types":["CWE-611"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microfocus:fortify_audit_workbench:16.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microfocus:fortify_audit_workbench:16.20:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microfocus:fortify_audit_workbench:17.10:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microfocus:fortify_software_security_center:16.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microfocus:fortify_software_security_center:16.20:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microfocus:fortify_software_security_center:17.10:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"6486","Ordinal":"122613","Title":"CVE-2018-6486","CVE":"CVE-2018-6486","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"6486","Ordinal":"1","NoteData":"XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"6486","Ordinal":"2","NoteData":"2018-02-02","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"6486","Ordinal":"3","NoteData":"2021-01-06","Type":"Other","Title":"Modified"}]}}}