CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4388
https://notcve.org/view.php?id=CVE-2019-4388
HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI. HCL AppScan Source versiones 9.0.3.13 y anteriores, es susceptible a ataques de tipo cross-site scripting (XSS) al permitir a usuarios insertar código JavaScript arbitrario en la interfaz de usuario web. • https://hclpnpsupport.hcltech.com/csm?id=kb_article&sysparm_article=KB0074364 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16188
https://notcve.org/view.php?id=CVE-2019-16188
HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the content of any file in the local file system (to which the victim as read access) can be exfiltrated to a remote listener under the attacker's control. The product does not disable external XML Entity Processing, which can lead to information disclosure and denial of services attacks. HCL AppScan Source versiones anteriores a 9.03.13, es susceptible a ataques de tipo XML External Entity (XXE) en múltiples ubicaciones. • https://hclpnpsupport.hcltech.com/csm?id=kb_article&sys_id=0812a9961b0c885077761fc58d4bcb06 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3035
https://notcve.org/view.php?id=CVE-2016-3035
IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server. IBM AppScan Source podría revelar cierta información sensible a través de la exploración de enlaces de prueba en el servidor. • http://www.ibm.com/support/docview.wss?uid=swg21987325 http://www.securityfocus.com/bid/95177 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3034
https://notcve.org/view.php?id=CVE-2016-3034
IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily. IBM AppScan Source usa un hash unidireccional sin salt para cifrar información altamente sensible , lo que podría permitir a un atacante local descifrar información con mayor facilidad. • http://www.ibm.com/support/docview.wss?uid=swg21995903 http://www.securityfocus.com/bid/95195 • CWE-326: Inadequate Encryption Strength •
CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 0CVE-2016-3033
https://notcve.org/view.php?id=CVE-2016-3033
IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. IBM AppScan Source 8.7 hasta la versión 9.0.3.3 permite a usuarios remotos autenticados leer archivos arbitrarios o provocar una denegación de servicio (consumo de memoria) a través de un documento XML que contiene una declaración de entidad externa en conjunción con una referencia de entidad, relacionado con un problema XML External Entity (XXE). • http://www-01.ibm.com/support/docview.wss?uid=swg21987326 http://www.securityfocus.com/bid/92388 • CWE-611: Improper Restriction of XML External Entity Reference •