Appscan Security Vulnerabilities
Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreTo...
7.5AI Score
0.104EPSS
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."
4.3CVSS
4.5AI Score
0.001EPSS
"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."
6.1CVSS
6AI Score
0.001EPSS
"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."
5.3CVSS
5.3AI Score
0.001EPSS
"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."
7.5CVSS
7.6AI Score
0.002EPSS
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."
7.5CVSS
7.5AI Score
0.002EPSS
HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data
8.2CVSS
8.3AI Score
0.002EPSS
HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system.
9.8CVSS
9.3AI Score
0.002EPSS
9.8CVSS
9.3AI Score
0.002EPSS