Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

appscan

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

9
Related CVEsRelated VendorsRelated AssignersReports
9Vulnerabilities found
CVE-2019-4326
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.68%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 17:22
Updated-04 Aug, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."

Action-Not Available
Vendor-n/aHCL Technologies Ltd.
Product-appscan"HCL AppScan Enterprise "
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2019-4325
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.14%
||
7 Day CHG~0.00%
Published-06 Oct, 2020 | 17:18
Updated-04 Aug, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."

Action-Not Available
Vendor-n/aHCL Technologies Ltd.
Product-appscan"HCL AppScan Enterprise "
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2019-4323
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.84%
||
7 Day CHG~0.00%
Published-07 Jul, 2020 | 14:49
Updated-04 Aug, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."

Action-Not Available
Vendor-n/aHCL Technologies Ltd.
Product-appscan"HCL AppScan Enterprise"
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2019-4324
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-6.1||MEDIUM
EPSS-0.31% / 53.82%
||
7 Day CHG~0.00%
Published-07 Jul, 2020 | 14:45
Updated-04 Aug, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."

Action-Not Available
Vendor-n/aHCL Technologies Ltd.
Product-appscan"HCL AppScan Enterprise"
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-4327
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.35%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 18:13
Updated-04 Aug, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."

Action-Not Available
Vendor-n/aHCL Technologies Ltd.
Product-appscan"HCL AppScan Enterprise Edition"
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2019-4393
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.82%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 15:14
Updated-04 Aug, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL AppScan Standard is vulnerable to excessive authorization attempts

Action-Not Available
Vendor-n/aHCL Technologies Ltd.
Product-appscanHCL AppScan Standard Edition
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2019-4391
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-8.2||HIGH
EPSS-0.55% / 66.89%
||
7 Day CHG~0.00%
Published-07 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data

Action-Not Available
Vendor-n/aHCL Technologies Ltd.
Product-appscanHCL AppScan Standard Edition
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2019-4392
Assigner-HCL Software
ShareView Details
Assigner-HCL Software
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.31%
||
7 Day CHG~0.00%
Published-14 Feb, 2020 | 21:10
Updated-04 Aug, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system.

Action-Not Available
Vendor-IBM CorporationHCL Technologies Ltd.
Product-appscanHCL AppScan Standard Edition
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2008-2015
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-4.07% / 88.09%
||
7 Day CHG~0.00%
Published-30 Apr, 2008 | 01:00
Updated-07 Aug, 2024 | 08:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile method in a different control. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Action-Not Available
Vendor-watchfiren/a
Product-appscann/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')