CVE-2019-4326
- EPSS 0.32%
- Published 06.10.2020 18:15:14
- Last modified 21.11.2024 04:43:28
"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."
CVE-2019-4325
- EPSS 0.11%
- Published 06.10.2020 18:15:13
- Last modified 21.11.2024 04:43:28
"HCL AppScan Enterprise makes use of a broken or risky cryptographic algorithm to store REST API user details."
CVE-2019-4323
- EPSS 0.18%
- Published 07.07.2020 15:15:10
- Last modified 21.11.2024 04:43:28
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."
CVE-2019-4324
- EPSS 0.31%
- Published 07.07.2020 15:15:10
- Last modified 21.11.2024 04:43:28
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
CVE-2019-4327
- EPSS 0.41%
- Published 21.04.2020 19:15:12
- Last modified 21.11.2024 04:43:28
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."
CVE-2019-4391
- EPSS 0.55%
- Published 07.04.2020 16:15:17
- Last modified 21.11.2024 04:43:32
HCL AppScan Standard is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
CVE-2019-4393
- EPSS 0.35%
- Published 07.04.2020 16:15:17
- Last modified 21.11.2024 04:43:32
HCL AppScan Standard is vulnerable to excessive authorization attempts.
- EPSS 0.39%
- Published 14.02.2020 22:15:10
- Last modified 21.11.2024 04:43:32
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system.