Lucene search

China National Vulnerability DatabaseCNVD-2023-84326

HistoryOct 23, 2023 - 12:00 a.m.

HCL Technologies Compass Access Control Error Vulnerability

2023-10-2300:00:00

China National Vulnerability Database

www.cnvd.org.cn

hcl technologies

compass

access control

vulnerability

change management software

usa

testing

integration

developer tools

application

authenticated session

logout function

attacker

emulate user

exploit

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

HCL Technologies Compass is a low-code change management software from HCL Technologies, USA. Manages the full range of testing activities and integration with developer tools. HCL Technologies Compass suffers from an Access Control Error vulnerability that stems from the application not disabling an authenticated session when the logout function is invoked, which can be exploited by an attacker who can replay it to the application and use it to emulate a user.

CPENameOperatorVersion
hcl technologies hcl compass >=2.0.0,le2.0.3
hcl technologies hcl compasseq2.1.0
hcl technologies hcl compass >=2.2.0，le2.2.3

Name	Operator	Version
hcl technologies hcl compass >=2.0.0,	le	2.0.3
hcl technologies hcl compass	eq	2.1.0
hcl technologies hcl compass >=2.2.0，	le	2.2.3