CVE-2019-4391

HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data

CVE-2019-4327

"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."