Vulnerabilities > Hcltech > Appscan
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-06 | CVE-2019-4326 | Improper Encoding or Escaping of Output vulnerability in Hcltech Appscan 10.0.0/9.0.3.14 "HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header." | 7.5 |
| 2020-10-06 | CVE-2019-4325 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Appscan 10.0.0/10.0.1/9.0.3.14 "HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details." | 5.3 |
| 2020-07-07 | CVE-2019-4324 | Cross-site Scripting vulnerability in Hcltech Appscan 10.0.0/9.0.3.14 "HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy." | 6.1 |
| 2020-07-07 | CVE-2019-4323 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Appscan 10.0.0/9.0.3.14 "HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." | 4.3 |
| 2020-04-21 | CVE-2019-4327 | Use of Hard-coded Credentials vulnerability in Hcltech Appscan 9.0.3.14 "HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." | 7.5 |
| 2020-04-07 | CVE-2019-4393 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hcltech Appscan 10.0.0/9.0.3.13/9.0.3.14 HCL AppScan Standard is vulnerable to excessive authorization attempts | 9.8 |
| 2020-04-07 | CVE-2019-4391 | XXE vulnerability in Hcltech Appscan 9.0.3.13/9.0.3.14 HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data | 8.2 |
| 2020-02-14 | CVE-2019-4392 | Use of Hard-coded Credentials vulnerability in Hcltech Appscan 9.0.3.13 HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. | 9.8 |