AppScan Enterprise
by HCL Software
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-4326 | 0.00 | — | 0.01 | Oct 6, 2020 | "HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header." | |||
| CVE-2019-4325 | 0.00 | — | 0.01 | Oct 6, 2020 | "HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details." | |||
| CVE-2019-4323 | 0.00 | — | 0.01 | Jul 7, 2020 | "HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." | |||
| CVE-2019-4324 | 0.00 | — | 0.01 | Jul 7, 2020 | "HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy." | |||
| CVE-2019-4327 | 0.00 | — | 0.01 | Apr 21, 2020 | "HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." |
- CVE-2019-4326Oct 6, 2020risk 0.00cvss —epss 0.01
"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."
- CVE-2019-4325Oct 6, 2020risk 0.00cvss —epss 0.01
"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."
- CVE-2019-4323Jul 7, 2020risk 0.00cvss —epss 0.01
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."
- CVE-2019-4324Jul 7, 2020risk 0.00cvss —epss 0.01
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
- CVE-2019-4327Apr 21, 2020risk 0.00cvss —epss 0.01
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."