Fortify SSC versions 17.10, 17.20, and 18.10 suffer from an out-of-band XML external entity injection vulnerability.
f3e1c3959ab0ee3579f60e32fbe1e85917f22334a58f48d1e070937e0785d71b
Micro Focus Security Bulletin MFSBGN03811 1 - An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC) allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Revision 1 of this advisory.
32ae304d64f32a9870172cef477f105d5a8994a5cf84ac35338227db8a3dada5