CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4393
https://notcve.org/view.php?id=CVE-2019-4393
HCL AppScan Standard is vulnerable to excessive authorization attempts HCL AppScan Standard es vulnerable a intentos de autorización excesivos. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0077916 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4391
https://notcve.org/view.php?id=CVE-2019-4391
HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data HCL AppScan Standard es vulnerable a un ataque de tipo XML External Entity Injection (XXE) cuando se procesa datos XML. • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0077917 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4392
https://notcve.org/view.php?id=CVE-2019-4392
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. HCL AppScan Standard Edition versiones 9.0.3.13 y anteriores, utilizan credenciales embebidas que pueden ser explotadas por atacantes para obtener acceso no autorizado al sistema. • https://hclpnpsupport.hcltech.com/csm?id=kb_article&sysparm_article=KB0075661 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.3EPSS: 10%CPEs: 1EXPL: 2CVE-2008-2015 – Watchfire Appscan 7.0 - ActiveX Multiple Insecure Methods
https://notcve.org/view.php?id=CVE-2008-2015
Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile method in a different control. NOTE: this can be leveraged for code execution by writing to a Startup folder. Múltiples vulnerabilidades de salto de ruta absoluta en determinados controles ActiveX en WatchFire AppScan 7.0, permiten a atacantes remotos crear o sobrescribir ficheros de su elección mediante un nombre de ruta completo en el argumento de los métodos (1) CompactSave y (2) SaveSession en un control, y (3) saveRecordedExploreToFile de otro control. NOTA: esto puede aprovecharse para ejecutar código escribiendo en una carpeta Startup. • https://www.exploit-db.com/exploits/5496 http://www.securityfocus.com/bid/28940 http://www.securitytracker.com/id?1019948 https://exchange.xforce.ibmcloud.com/vulnerabilities/42077 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •