11 results (0.008 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. • https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116990 • CWE-295: Improper Certificate Validation •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI. HCL AppScan Source versiones 9.0.3.13 y anteriores, es susceptible a ataques de tipo cross-site scripting (XSS) al permitir a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web. • https://hclpnpsupport.hcltech.com/csm?id=kb_article&sysparm_article=KB0074364 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the content of any file in the local file system (to which the victim as read access) can be exfiltrated to a remote listener under the attacker's control. The product does not disable external XML Entity Processing, which can lead to information disclosure and denial of services attacks. HCL AppScan Source versiones anteriores a 9.03.13, es susceptible a ataques de tipo XML External Entity (XXE) en múltiples ubicaciones. • https://hclpnpsupport.hcltech.com/csm?id=kb_article&sys_id=0812a9961b0c885077761fc58d4bcb06 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0

IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721. IBM Rational AppScan Source 8.0 hasta la versión 8.0.0.2 y 8.5 hasta la versión 8.5.0.1; y Security AppScan Source 8.6 hasta la versión 8.6.0.2, 8.7 hasta la versión 8.7.0.1, 8.8, 9.0 hasta la versión 9.0.0.1 y 9.0.1 permiten que atacantes remotos ejecuten comandos arbitrarios en el servidor de instalación mediante vectores sin especificar. IBM X-Force ID: 96721. • https://exchange.xforce.ibmcloud.com/vulnerabilities/96721 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 0

IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. IBM AppScan Source 8.7 hasta la versión 9.0.3.3 permite a usuarios remotos autenticados leer archivos arbitrarios o provocar una denegación de servicio (consumo de memoria) a través de un documento XML que contiene una declaración de entidad externa en conjunción con una referencia de entidad, relacionado con un problema XML External Entity (XXE). • http://www-01.ibm.com/support/docview.wss?uid=swg21987326 http://www.securityfocus.com/bid/92388 • CWE-611: Improper Restriction of XML External Entity Reference •