Web Application Console Vulnerability in HCL AppScan Enterprise
CVE-2019-4326

7.5 HIGH

Key Information:

Vendor
CVE Published: 6 October 2020

Summary

The web application console of HCL AppScan Enterprise does not send the HTTP Strict-Transport-Security (HSTS) header in its administration section. Without HSTS, the browser is not instructed to use HTTPS only for the console, which can permit man-in-the-middle attacks and may expose user data and interactions, undermining the application's overall security posture. Users of HCL AppScan Enterprise should implement the necessary security measures to safeguard their web applications.

Affected Version(s)

HCL AppScan Enterprise: 10.0.0 and below

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
