CVE-2018-7690

Published: 13/12/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

A potential Remote Unauthorized Access vulnerability in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, and 18.10. Exploitation could allow Remote Unauthorized Access.

Vulnerable Product

microfocus fortify software security center 17.10

microfocus fortify software security center 17.20

microfocus fortify software security center 18.10

Exploits

Fortify Software Security Center versions 17.10, 17.20, and 18.10 suffer from an insecure direct object reference vulnerability related to user projects ...

Github Repositories

The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities in Fortify Software Security Center (SSC) 17.10, 17.20 & 18.10

CVE-2018-7690: The SSC REST API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users access to arbitrary details of the Local and LDAP users via POST method and to arbitrary details of other users' Fortify projects via GET method. Exploit-DB publication at www.exploit-db.com/exploits/45989. PacketStorm publication at https: