Hcltech: >> Appscan >> 9.0.3.14 Security Vulnerabilities
"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."
CVSS Score
7.5
EPSS Score
0.003
Published
2020-10-06
"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."
CVSS Score
5.3
EPSS Score
0.001
Published
2020-10-06
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."
CVSS Score
4.3
EPSS Score
0.002
Published
2020-07-07
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
CVSS Score
6.1
EPSS Score
0.003
Published
2020-07-07
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."
CVSS Score
7.5
EPSS Score
0.004
Published
2020-04-21
HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data
CVSS Score
8.2
EPSS Score
0.005
Published
2020-04-07
HCL AppScan Standard is vulnerable to excessive authorization attempts
CVSS Score
9.8
EPSS Score
0.004
Published
2020-04-07