CVE-2019-4392 — CVSS 9.8 (critical): HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized…
CVE-2019-4391 — CVSS 8.2 (high): HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data
CVE-2019-4327 — CVSS 7.5 (high): "HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's…
CVE-2019-4326 — CVSS 7.5 (high): "HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Securit…
CVE-2019-4324 — CVSS 6.1 (medium): "HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
CVE-2019-4325 — CVSS 5.3 (medium): "HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."
CVE-2019-4323 — CVSS 4.3 (medium): "HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of…