Skip to main content

Appscan Source

4 CVEs product

Monthly

CVE-2024-30149 MEDIUM This Month

HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Appscan Source
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2019-4388 MEDIUM This Month

HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Appscan Source
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2019-16188 HIGH PATCH This Week

HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

XXE Information Disclosure Appscan Source
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2016-3033 HIGH This Week

IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service XXE Appscan Source
NVD
CVSS 3.0
8.1
EPSS
0.5%
EPSS 0% CVSS 6.5
MEDIUM This Month

HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Appscan Source
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScript code in the Web UI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Appscan Source
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

XXE Information Disclosure Appscan Source
NVD
EPSS 1% CVSS 8.1
HIGH This Week

IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service XXE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy