CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4327
https://notcve.org/view.php?id=CVE-2019-4327
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." "HCL AppScan Enterprise utiliza credenciales embebidas que pueden ser explotadas por los atacantes para obtener acceso no autorizado a los archivos cifrados de la aplicación". • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0078222 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4393
https://notcve.org/view.php?id=CVE-2019-4393
HCL AppScan Standard is vulnerable to excessive authorization attempts HCL AppScan Standard es vulnerable a intentos de autorización excesivos. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0077916 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4391
https://notcve.org/view.php?id=CVE-2019-4391
HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data HCL AppScan Standard es vulnerable a un ataque de tipo XML External Entity Injection (XXE) cuando se procesa datos XML. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0077917 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4392
https://notcve.org/view.php?id=CVE-2019-4392
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. HCL AppScan Standard Edition versiones 9.0.3.13 y anteriores, utilizan credenciales embebidas que pueden ser explotadas por atacantes para obtener acceso no autorizado al sistema. • https://hclpnpsupport.hcltech.com/csm?id=kb_article&sysparm_article=KB0075661 • CWE-798: Use of Hard-coded Credentials •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4388
https://notcve.org/view.php?id=CVE-2019-4388
HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI. HCL AppScan Source versiones 9.0.3.13 y anteriores, es susceptible a ataques de tipo cross-site scripting (XSS) al permitir a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web. • https://hclpnpsupport.hcltech.com/csm?id=kb_article&sysparm_article=KB0074364 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •