Search Results (11 CVEs found)
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-37537 | 1 Hcltech | 1 Appscan Presence | 2024-11-21 | 7.8 High |
An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. | ||||
CVE-2019-4393 | 1 Hcltech | 1 Appscan | 2024-11-21 | 9.8 Critical |
HCL AppScan Standard is vulnerable to excessive authorization attempts | ||||
CVE-2019-4392 | 1 Hcltech | 1 Appscan | 2024-11-21 | 9.8 Critical |
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. | ||||
CVE-2019-4391 | 1 Hcltech | 1 Appscan | 2024-11-21 | 8.2 High |
HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data | ||||
CVE-2019-4388 | 1 Hcltech | 1 Appscan Source | 2024-11-21 | 4.8 Medium |
HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI. | ||||
CVE-2019-4327 | 1 Hcltech | 1 Appscan | 2024-11-21 | 7.5 High |
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." | ||||
CVE-2019-4326 | 1 Hcltech | 1 Appscan | 2024-11-21 | 7.5 High |
"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header." | ||||
CVE-2019-4325 | 1 Hcltech | 1 Appscan | 2024-11-21 | 5.3 Medium |
"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details." | ||||
CVE-2019-4324 | 1 Hcltech | 1 Appscan | 2024-11-21 | 6.1 Medium |
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy." | ||||
CVE-2019-4323 | 1 Hcltech | 1 Appscan | 2024-11-21 | 4.3 Medium |
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." | ||||
CVE-2019-16188 | 1 Hcltech | 1 Appscan Source | 2024-11-21 | 7.1 High |
HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the content of any file in the local file system (to which the victim has read access) can be exfiltrated to a remote listener under the attacker's control. The product does not disable external XML Entity Processing, which can lead to information disclosure and denial-of-service attacks. |