XML External Entity Injection Vulnerability in HCL AppScan Standard
CVE-2019-4391

8.2HIGH

Key Information:

Vendor: HCL Software
Status: Hcl Appscan Standard Edition
Vendor: CVE Published:; 7 April 2020

Summary

HCL AppScan Standard is susceptible to an XML External Entity (XXE) injection attack while processing XML data. This vulnerability potentially allows adversaries to gain unauthorized access to sensitive data, perform server-side request forgery (SSRF), or cause denial-of-service conditions by manipulating XML inputs. Proper validation and sanitization of XML data are critical to mitigating risks associated with this vulnerability.

Affected Version(s)

HCL AppScan Standard Edition HCL AppScan Standard versions 9.x and earlier

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 7, 2020
Vulnerability Reserved
Jan 3, 2019