
16 vulnerabilities found for appscan by hcltech

CVE-2019-4326 (GCVE-0-2019-4326)

Vulnerability from nvd – Published: 2020-10-06 17:22 – Updated: 2024-08-04 19:33
Summary
"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."
Severity ?
No CVSS data available.
CWE
  • "Security Misconfiguration"
Assigner
HCL
References
Impacted products
Vendor Product Version
n/a "HCL AppScan Enterprise " Affected: "10.0.0 and below"

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:38.195Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082505"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "\"HCL AppScan Enterprise \"",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\"10.0.0 and below\""
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "\"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "\"Security Misconfiguration\"",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-06T17:22:45.000Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082505"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "ID": "CVE-2019-4326",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "\"HCL AppScan Enterprise \"",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\"10.0.0 and below\""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "\"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "\"Security Misconfiguration\""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082505",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082505"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2019-4326",
    "datePublished": "2020-10-06T17:22:45.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:33:38.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4325 (GCVE-0-2019-4325)

Vulnerability from nvd – Published: 2020-10-06 17:18 – Updated: 2024-08-04 19:33
Summary
"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."
Severity ?
No CVSS data available.
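CWE (free-text problem type supplied by the CNA; the record carries no CWE identifier)
  • "Security Misconfiguration" (the summary above describes a broken or risky cryptographic algorithm protecting stored REST API user details, which this label does not convey)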
Assigner
HCL
References
Impacted products
Vendor Product Version
n/a "HCL AppScan Enterprise " Affected: "10.0.1 and below"

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082503"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "\"HCL AppScan Enterprise \"",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\"10.0.1 and below\""
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "\"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "\"Security Misconfiguration\"",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-06T17:18:43.000Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082503"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "ID": "CVE-2019-4325",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "\"HCL AppScan Enterprise \"",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\"10.0.1 and below\""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "\"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "\"Security Misconfiguration\""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082503",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082503"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2019-4325",
    "datePublished": "2020-10-06T17:18:43.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:33:37.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4324 (GCVE-0-2019-4324)

Vulnerability from nvd – Published: 2020-07-07 14:45 – Updated: 2024-08-04 19:33
Summary
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
Severity ?
No CVSS data available.
CWE
  • "Cross-site scripting"
Assigner
HCL
Impacted products
Vendor Product Version
n/a "HCL AppScan Enterprise" Affected: "Version 10.0.0 and below"

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:38.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080574"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sys_id=cd5030b4dbbd101855f38d6d13961958"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "\"HCL AppScan Enterprise\"",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\"Version 10.0.0 and below\""
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "\"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "\"Cross-site scripting\"",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-23T21:02:24.000Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080574"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sys_id=cd5030b4dbbd101855f38d6d13961958"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "ID": "CVE-2019-4324",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "\"HCL AppScan Enterprise\"",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\"Version 10.0.0 and below\""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "\"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "\"Cross-site scripting\""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080574",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080574"
            },
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sys_id=cd5030b4dbbd101855f38d6d13961958",
              "refsource": "CONFIRM",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sys_id=cd5030b4dbbd101855f38d6d13961958"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2019-4324",
    "datePublished": "2020-07-07T14:45:17.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:33:38.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4323 (GCVE-0-2019-4323)

Vulnerability from nvd – Published: 2020-07-07 14:49 – Updated: 2024-08-04 19:33
Summary
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."
Severity ?
No CVSS data available.
CWE
  • "Clickjacking"
Assigner
HCL
Impacted products
Vendor Product Version
n/a "HCL AppScan Enterprise" Affected: "Version 10.0.0 and below"

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080572"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080572\u0026sys_kb_id=3668a078dbb9101855f38d6d13961955"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "\"HCL AppScan Enterprise\"",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\"Version 10.0.0 and below\""
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "\"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "\"Clickjacking\"",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-23T21:02:24.000Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080572"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080572\u0026sys_kb_id=3668a078dbb9101855f38d6d13961955"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "ID": "CVE-2019-4323",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "\"HCL AppScan Enterprise\"",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\"Version 10.0.0 and below\""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "\"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "\"Clickjacking\""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080572",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080572"
            },
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080572\u0026sys_kb_id=3668a078dbb9101855f38d6d13961955",
              "refsource": "CONFIRM",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080572\u0026sys_kb_id=3668a078dbb9101855f38d6d13961955"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2019-4323",
    "datePublished": "2020-07-07T14:49:46.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:33:37.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4327 (GCVE-0-2019-4327)

Vulnerability from nvd – Published: 2020-04-21 18:13 – Updated: 2024-08-04 19:33
Summary
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."
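Severity
No CVSS data available. The CVE record below contains no metrics block, so this reflects missing scoring, not a low severity rating.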
CWE
  • "Broken authentication"
Assigner
ibm
References
Impacted products
Vendor Product Version
n/a "HCL AppScan Enterprise Edition" Affected: "HCL AppScan Enterprise 9.0.3.14 and below"

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.940Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0078222"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "\"HCL AppScan Enterprise Edition\"",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\"HCL AppScan Enterprise 9.0.3.14 and below\""
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "\"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application\u0027s encrypted files.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "\"Broken authentication\"",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-21T18:13:45.000Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0078222"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2019-4327",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "\"HCL AppScan Enterprise Edition\"",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\"HCL AppScan Enterprise 9.0.3.14 and below\""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "\"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application\u0027s encrypted files.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "\"Broken authentication\""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0078222",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0078222"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4327",
    "datePublished": "2020-04-21T18:13:45.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:33:37.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4393 (GCVE-0-2019-4393)

Vulnerability from nvd – Published: 2020-04-07 15:14 – Updated: 2024-08-04 19:33
Summary
HCL AppScan Standard is vulnerable to excessive authorization attempts
Severity ?
No CVSS data available.
CWE
  • "Broken Authentication"
Assigner
ibm
References
Impacted products
Vendor Product Version
n/a HCL AppScan Standard Edition Affected: HCL AppScan Standard Edition 9.0.3.14 and below

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0077916"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HCL AppScan Standard Edition",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "HCL AppScan Standard Edition 9.0.3.14 and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HCL AppScan Standard is vulnerable to excessive authorization attempts"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "\"Broken Authentication\"",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-07T15:14:27.000Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0077916"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2019-4393",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HCL AppScan Standard Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "HCL AppScan Standard Edition 9.0.3.14 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HCL AppScan Standard is vulnerable to excessive authorization attempts"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "\"Broken Authentication\""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0077916",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0077916"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4393",
    "datePublished": "2020-04-07T15:14:27.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:33:37.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4391 (GCVE-0-2019-4391)

Vulnerability from nvd – Published: 2020-04-07 15:12 – Updated: 2024-08-04 19:33
Summary
HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data
Severity ?
No CVSS data available.
CWE
  • "XML External Entity Injection"
Assigner
ibm
References
Impacted products
Vendor Product Version
n/a HCL AppScan Standard Edition Affected: HCL AppScan Standard versions 9.x and earlier

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:38.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0077917"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HCL AppScan Standard Edition",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "HCL AppScan Standard versions 9.x and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "\"XML External Entity Injection\"",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-07T15:12:23.000Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0077917"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2019-4391",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HCL AppScan Standard Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "HCL AppScan Standard versions 9.x and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "\"XML External Entity Injection\""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0077917",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0077917"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4391",
    "datePublished": "2020-04-07T15:12:23.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:33:38.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4392 (GCVE-0-2019-4392)

Vulnerability from nvd – Published: 2020-02-14 21:10 – Updated: 2024-08-04 19:33
Summary
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system.
Severity ?
No CVSS data available.
CWE
  • Broken authentication
Assigner
HCL
References
Impacted products
Vendor Product Version
IBM Corporation HCL AppScan Standard Edition Affected: 9.0.3.13 and earlier versions

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.900Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hclpnpsupport.hcltech.com/csm?id=kb_article\u0026sysparm_article=KB0075661"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HCL AppScan Standard Edition",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.3.13 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Broken authentication",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-23T21:02:24.000Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hclpnpsupport.hcltech.com/csm?id=kb_article\u0026sysparm_article=KB0075661"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "ID": "CVE-2019-4392",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HCL AppScan Standard Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0.3.13 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Broken authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hclpnpsupport.hcltech.com/csm?id=kb_article\u0026sysparm_article=KB0075661",
              "refsource": "MISC",
              "url": "https://hclpnpsupport.hcltech.com/csm?id=kb_article\u0026sysparm_article=KB0075661"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2019-4392",
    "datePublished": "2020-02-14T21:10:08.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:33:37.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4326 (GCVE-0-2019-4326)

Vulnerability from cvelistv5 – Published: 2020-10-06 17:22 – Updated: 2024-08-04 19:33
Summary
"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."
Severity ?
No CVSS data available.
CWE
  • "Security Misconfiguration"
Assigner
HCL
References
Impacted products
Vendor Product Version
n/a "HCL AppScan Enterprise " Affected: "10.0.0 and below"

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:38.195Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082505"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "\"HCL AppScan Enterprise \"",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\"10.0.0 and below\""
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "\"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "\"Security Misconfiguration\"",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-06T17:22:45.000Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082505"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "ID": "CVE-2019-4326",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "\"HCL AppScan Enterprise \"",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\"10.0.0 and below\""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "\"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "\"Security Misconfiguration\""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082505",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082505"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2019-4326",
    "datePublished": "2020-10-06T17:22:45.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:33:38.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4325 (GCVE-0-2019-4325)

Vulnerability from cvelistv5 – Published: 2020-10-06 17:18 – Updated: 2024-08-04 19:33
Summary
"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."
Severity ?
No CVSS data available.
CWE
  • "Security Misconfiguration"
Assigner
HCL
References
Impacted products
Vendor Product Version
n/a "HCL AppScan Enterprise " Affected: "10.0.1 and below"

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082503"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "\"HCL AppScan Enterprise \"",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\"10.0.1 and below\""
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "\"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "\"Security Misconfiguration\"",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-06T17:18:43.000Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082503"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "ID": "CVE-2019-4325",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "\"HCL AppScan Enterprise \"",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\"10.0.1 and below\""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "\"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "\"Security Misconfiguration\""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082503",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0082503"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2019-4325",
    "datePublished": "2020-10-06T17:18:43.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:33:37.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4323 (GCVE-0-2019-4323)

Vulnerability from cvelistv5 – Published: 2020-07-07 14:49 – Updated: 2024-08-04 19:33
Summary
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."
Severity ?
No CVSS data available.
CWE
  • "Clickjacking"
Assigner
HCL
Impacted products
Vendor Product Version
n/a "HCL AppScan Enterprise" Affected: "Version 10.0.0 and below"

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.933Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080572"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080572\u0026sys_kb_id=3668a078dbb9101855f38d6d13961955"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "\"HCL AppScan Enterprise\"",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\"Version 10.0.0 and below\""
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "\"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "\"Clickjacking\"",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-23T21:02:24.000Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080572"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080572\u0026sys_kb_id=3668a078dbb9101855f38d6d13961955"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "ID": "CVE-2019-4323",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "\"HCL AppScan Enterprise\"",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\"Version 10.0.0 and below\""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "\"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "\"Clickjacking\""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080572",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080572"
            },
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080572\u0026sys_kb_id=3668a078dbb9101855f38d6d13961955",
              "refsource": "CONFIRM",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080572\u0026sys_kb_id=3668a078dbb9101855f38d6d13961955"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2019-4323",
    "datePublished": "2020-07-07T14:49:46.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:33:37.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4324 (GCVE-0-2019-4324)

Vulnerability from cvelistv5 – Published: 2020-07-07 14:45 – Updated: 2024-08-04 19:33
Summary
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
Severity ?
No CVSS data available.
CWE
  • "Cross-site scripting"
Assigner
HCL
Impacted products
Vendor Product Version
n/a "HCL AppScan Enterprise" Affected: "Version 10.0.0 and below"

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:38.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080574"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sys_id=cd5030b4dbbd101855f38d6d13961958"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "\"HCL AppScan Enterprise\"",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\"Version 10.0.0 and below\""
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "\"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "\"Cross-site scripting\"",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-23T21:02:24.000Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080574"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sys_id=cd5030b4dbbd101855f38d6d13961958"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "ID": "CVE-2019-4324",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "\"HCL AppScan Enterprise\"",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\"Version 10.0.0 and below\""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "\"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "\"Cross-site scripting\""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080574",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0080574"
            },
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sys_id=cd5030b4dbbd101855f38d6d13961958",
              "refsource": "CONFIRM",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sys_id=cd5030b4dbbd101855f38d6d13961958"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2019-4324",
    "datePublished": "2020-07-07T14:45:17.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:33:38.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4327 (GCVE-0-2019-4327)

Vulnerability from cvelistv5 – Published: 2020-04-21 18:13 – Updated: 2024-08-04 19:33
Summary
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."
Severity ?
No CVSS data available.
CWE
  • "Broken authentication"
Assigner
ibm
References
Impacted products
Vendor Product Version
n/a "HCL AppScan Enterprise Edition" Affected: "HCL AppScan Enterprise 9.0.3.14 and below"

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.940Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0078222"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "\"HCL AppScan Enterprise Edition\"",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\"HCL AppScan Enterprise 9.0.3.14 and below\""
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "\"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application\u0027s encrypted files.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "\"Broken authentication\"",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-21T18:13:45.000Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0078222"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2019-4327",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "\"HCL AppScan Enterprise Edition\"",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\"HCL AppScan Enterprise 9.0.3.14 and below\""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "\"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application\u0027s encrypted files.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "\"Broken authentication\""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0078222",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0078222"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4327",
    "datePublished": "2020-04-21T18:13:45.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:33:37.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4393 (GCVE-0-2019-4393)

Vulnerability from cvelistv5 – Published: 2020-04-07 15:14 – Updated: 2024-08-04 19:33
Summary
HCL AppScan Standard is vulnerable to excessive authorization attempts
Severity ?
No CVSS data available.
CWE
  • "Broken Authentication"
Assigner
ibm
References
Impacted products
Vendor Product Version
n/a HCL AppScan Standard Edition Affected: HCL AppScan Standard Edition 9.0.3.14 and below

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0077916"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HCL AppScan Standard Edition",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "HCL AppScan Standard Edition 9.0.3.14 and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HCL AppScan Standard is vulnerable to excessive authorization attempts"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "\"Broken Authentication\"",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-07T15:14:27.000Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0077916"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2019-4393",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HCL AppScan Standard Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "HCL AppScan Standard Edition 9.0.3.14 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HCL AppScan Standard is vulnerable to excessive authorization attempts"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "\"Broken Authentication\""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0077916",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0077916"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4393",
    "datePublished": "2020-04-07T15:14:27.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:33:37.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4391 (GCVE-0-2019-4391)

Vulnerability from cvelistv5 – Published: 2020-04-07 15:12 – Updated: 2024-08-04 19:33
Summary
HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data
Severity ?
No CVSS data available.
CWE
  • "XML External Entity Injection"
Assigner
ibm
References
Impacted products
Vendor Product Version
n/a HCL AppScan Standard Edition Affected: HCL AppScan Standard versions 9.x and earlier

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:38.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0077917"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HCL AppScan Standard Edition",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "HCL AppScan Standard versions 9.x and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "\"XML External Entity Injection\"",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-07T15:12:23.000Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0077917"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2019-4391",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HCL AppScan Standard Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "HCL AppScan Standard versions 9.x and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "\"XML External Entity Injection\""
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0077917",
              "refsource": "MISC",
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0077917"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4391",
    "datePublished": "2020-04-07T15:12:23.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:33:38.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4392 (GCVE-0-2019-4392)

Vulnerability from cvelistv5 – Published: 2020-02-14 21:10 – Updated: 2024-08-04 19:33
Summary
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system.
Severity ?
No CVSS data available.
CWE
  • Broken authentication
Assigner
HCL
References
Impacted products
Vendor Product Version
IBM Corporation HCL AppScan Standard Edition Affected: 9.0.3.13 and earlier versions

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.900Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hclpnpsupport.hcltech.com/csm?id=kb_article\u0026sysparm_article=KB0075661"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HCL AppScan Standard Edition",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.3.13 and earlier versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Broken authentication",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-23T21:02:24.000Z",
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hclpnpsupport.hcltech.com/csm?id=kb_article\u0026sysparm_article=KB0075661"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@hcl.com",
          "ID": "CVE-2019-4392",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HCL AppScan Standard Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0.3.13 and earlier versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Broken authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hclpnpsupport.hcltech.com/csm?id=kb_article\u0026sysparm_article=KB0075661",
              "refsource": "MISC",
              "url": "https://hclpnpsupport.hcltech.com/csm?id=kb_article\u0026sysparm_article=KB0075661"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "cveId": "CVE-2019-4392",
    "datePublished": "2020-02-14T21:10:08.000Z",
    "dateReserved": "2019-01-03T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:33:37.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}