CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108018 • CWE-428: Unquoted Search Path or Element

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header." • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0082505 • CWE-116: Improper Encoding or Escaping of Output

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details." • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0082503 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080572 • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080572&sys_kb_id=3668a078dbb9101855f38d6d13961955 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy." • https://support.hcltechsw.com/csm?id=kb_article&sys_id=cd5030b4dbbd101855f38d6d13961958 • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080574 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')