Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4325 | 1 Hcltech | 1 Appscan | 2020-10-19 | 5.0 MEDIUM | 5.3 MEDIUM |
"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details." | |||||
CVE-2019-4326 | 1 Hcltech | 1 Appscan | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header." | |||||
CVE-2019-4324 | 1 Hcltech | 1 Appscan | 2020-07-15 | 4.3 MEDIUM | 6.1 MEDIUM |
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy." | |||||
CVE-2019-4323 | 1 Hcltech | 1 Appscan | 2020-07-15 | 4.3 MEDIUM | 4.3 MEDIUM |
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." | |||||
CVE-2019-4327 | 1 Hcltech | 1 Appscan | 2020-04-29 | 5.0 MEDIUM | 7.5 HIGH |
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." | |||||
CVE-2019-4391 | 1 Hcltech | 1 Appscan | 2020-04-08 | 6.4 MEDIUM | 8.2 HIGH |
HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data | |||||
CVE-2019-4393 | 1 Hcltech | 1 Appscan | 2020-04-08 | 5.0 MEDIUM | 9.8 CRITICAL |
HCL AppScan Standard is vulnerable to excessive authorization attempts | |||||
CVE-2019-4392 | 1 Hcltech | 1 Appscan | 2020-02-19 | 10.0 HIGH | 9.8 CRITICAL |
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. |