CVE-2019-4391

8.2HIGH

Key Information:

Vendor: HCL Software
Status: Hcl Appscan Standard Edition
Vendor: CVE Published:; 7 April 2020

Summary

HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data

Affected Version(s)

HCL AppScan Standard Edition HCL AppScan Standard versions 9.x and earlier

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 7, 2020
Vulnerability Reserved
Jan 3, 2019

.