Total: 8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2019-4393 | 1 Hcltech | 1 Appscan | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | HCL AppScan Standard is vulnerable to excessive authorization attempts |
| CVE-2019-4392 | 1 Hcltech | 1 Appscan | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. |
| CVE-2019-4391 | 1 Hcltech | 1 Appscan | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH | HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data |
| CVE-2019-4327 | 1 Hcltech | 1 Appscan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | "HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." |
| CVE-2019-4326 | 1 Hcltech | 1 Appscan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | "HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header." |
| CVE-2019-4325 | 1 Hcltech | 1 Appscan | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | "HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details." |
| CVE-2019-4324 | 1 Hcltech | 1 Appscan | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | "HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy." |
| CVE-2019-4323 | 1 Hcltech | 1 Appscan | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | "HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." |