AppScan Source
by HCL Software
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-16188 | Hig | 0.46 | 7.1 | 0.01 | Sep 25, 2019 | HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in… | ||
| CVE-2024-30149 | Med | 0.31 | 4.8 | 0.00 | Oct 31, 2024 | HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. | ||
| CVE-2019-4388 | Med | 0.31 | 4.8 | 0.01 | Dec 18, 2019 | HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI. |
- risk 0.46cvss 7.1epss 0.01
HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in…
- risk 0.31cvss 4.8epss 0.00
HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable.
- risk 0.31cvss 4.8epss 0.01
HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI.