This page lists publicly disclosed CVE vulnerabilities affecting hcltech appscan (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-4326 | "HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header." | [email protected] | 7.5 | 0.32% | 2020-10-06 | 2024-11-21 |
| CVE-2019-4325 | "HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details." | [email protected] | 5.3 | 0.07% | 2020-10-06 | 2024-11-21 |
| CVE-2019-4324 | "HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy." | [email protected] | 6.1 | 0.31% | 2020-07-07 | 2024-11-21 |
| CVE-2019-4323 | "HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." | [email protected] | 4.3 | 0.18% | 2020-07-07 | 2024-11-21 |
| CVE-2019-4327 | "HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." | [email protected] | 7.5 | 0.41% | 2020-04-21 | 2024-11-21 |
| CVE-2019-4393 | HCL AppScan Standard is vulnerable to excessive authorization attempts | [email protected] | 9.8 | 0.35% | 2020-04-07 | 2024-11-21 |
| CVE-2019-4391 | HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data | [email protected] | 8.2 | 0.49% | 2020-04-07 | 2024-11-21 |
| CVE-2019-4392 | HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. | [email protected] | 9.8 | 0.39% | 2020-02-14 | 2024-11-21 |