Lucene search
HcltechAppscan

8 matches found

CVE
added 2020/02/14 9:10 p.m., 129 views

CVE-2019-4392

CVE-2019-4392 affects HCL AppScan Standard Edition (version 9.0.3.13 and earlier). The underlying issue is hard-coded credentials in the product, enabling attackers to gain unauthorized access. CVSS indicates high/critical impact (C/H, I/H, A/H) with network attack vector and no user interaction....

CVSS 10, AI score 9.3, EPSS 0.01387

CVE
added 2020/10/06 5:22 p.m., 57 views

CVE-2019-4326

The CVE-2019-4326 entry concerns HCL AppScan Enterprise: the security rules update administration section of the web application console lacks the HTTP Strict-Transport-Security (HSTS) header. Affected component is the admin/service console for AppScan Enterprise; underlying issue is missing HSTS...

CVSS 7.5, AI score 7.6, EPSS 0.01071

CVE
added 2020/10/06 5:18 p.m., 56 views

CVE-2019-4325

CVE-2019-4325 affects HCL AppScan Enterprise; root cause is the use of broken or risky cryptographic algorithms to store REST API user details. Impact and remediation details are not explicitly provided in the connected documents; refer to the CVE entry for basic score context (MEDIUM) and the ve...

CVSS 5.3, AI score 5.3, EPSS 0.00542

CVE
added 2020/07/07 2:45 p.m., 51 views

CVE-2019-4324

The provided connected documents confirm CVE-2019-4324 affects HCL AppScan Enterprise and describe it as a Cross-Site Scripting vulnerability that occurs when importing a specially crafted test policy. The exact root cause, affected versions/products beyond “HCL AppScan Enterprise,” and practical...

CVSS 6.1, AI score 6, EPSS 0.00648

CVE
added 2020/04/07 3:12 p.m., 48 views

CVE-2019-4391

CVE-2019-4391 concerns HCL AppScan Standard being vulnerable to XML External Entity (XXE) injection while processing XML data. The CVSSv3.1 base score is 8.2 (HIGH) with network attack vector, no privileges required, no user interaction, and a confidentiality impact of HIGH, availability impact L...

CVSS 8.2, AI score 8.3, EPSS 0.01231

CVE
added 2020/04/21 6:13 p.m., 46 views

CVE-2019-4327

CVE-2019-4327 affects HCL AppScan Enterprise. The connected CNVD entry specifies the vulnerability exists in AppScan Enterprise versions 9.0.3.14 and earlier, arising from the use of hard-coded credentials. As a result, an attacker could gain unauthorized access to the application's encrypted fil...

CVSS 7.5, AI score 7.5, EPSS 0.01015

CVE
added 2020/04/07 3:14 p.m., 46 views

CVE-2019-4393

CVE-2019-4393 affects HCL AppScan Standard; root cause is an incorrect account lockout setting that enables excessive/brute-force authorization attempts. NVD notes a high-severity impact (CVSS 3.1: CRITICAL) with network exposure; exploitation status is not provided in the connected documents.

CVSS 9.8, AI score 9.3, EPSS 0.01032

CVE
added 2020/07/07 2:49 p.m., 40 views

CVE-2019-4323

CVE-2019-4323 concerns HCL AppScan Enterprise’s advisory API documentation being vulnerable to clickjacking. The CNVD entry specifies that AppScan Enterprise 10.0.0 and earlier versions are affected and that an attacker could inject content from untrustworthy pages by framing the advisory API doc...

CVSS 4.3, AI score 4.5, EPSS 0.0075