Clickjacking Vulnerability in HCL AppScan Enterprise API Documentation
CVE-2019-4323

4.3MEDIUM

Key Information:

Vendor: HCL Software
Status: "hcl Appscan Enterprise"
Vendor: CVE Published:; 7 July 2020

Summary

The documentation of the HCL AppScan Enterprise advisory API is vulnerable to clickjacking attacks, which can enable malicious actors to embed and trick users into interacting with untrusted web content via misleading frames. This type of vulnerability poses significant risks, as attackers could potentially capture user credentials or perform unauthorized actions on behalf of users in the context of the affected application.

Affected Version(s)

"HCL AppScan Enterprise" "Version 10.0.0 and below"

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_MISC

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 7, 2020
Vulnerability Reserved
Jan 3, 2019