Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hcltech appscan vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-37537
An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local malicious user to gain elevated privileges.
Hcltech Appscan Presence
5
CVSSv2
CVE-2019-4326
"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."
Hcltech Appscan
5
CVSSv2
CVE-2019-4325
"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."
Hcltech Appscan
4.3
CVSSv2
CVE-2019-4324
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
Hcltech Appscan
4.3
CVSSv2
CVE-2019-4323
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an malicious user to embed the contents of untrusted web pages in a frame."
Hcltech Appscan
5
CVSSv2
CVE-2019-4327
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by malicious users to get unauthorized access to application's encrypted files."
Hcltech Appscan
6.4
CVSSv2
CVE-2019-4391
HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data
Hcltech Appscan
5
CVSSv2
CVE-2019-4393
HCL AppScan Standard is vulnerable to excessive authorization attempts
Hcltech Appscan
10
CVSSv2
CVE-2019-4392
HCL AppScan Standard Edition 9.0.3.13 and previous versions uses hard-coded credentials which can be exploited by malicious users to get unauthorized access to the system.
Hcltech Appscan
3.5
CVSSv2
CVE-2019-4388
HCL AppScan Source 9.0.3.13 and previous versions is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI.
Hcltech Appscan Source
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »