Lucene search

[email protected]CVE-2023-37503

HistoryOct 19, 2023 - 3:15 a.m.

CVE-2023-37503

2023-10-1903:15:08

CWE-521

[email protected]

web.nvd.nist.gov

hcl compass

vulnerability

insecure password

access control

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.2%

JSON

HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.

Affected configurations

NVD

Node

hcltechhcl_compassRange2.0.0–2.0.3

hcltechhcl_compassRange2.2.0–2.2.3

hcltechhcl_compassMatch2.1.0

CPENameOperatorVersion
hcltech:hcl_compasshcltech hcl compassle2.0.3
hcltech:hcl_compasshcltech hcl compasslt2.2.3
hcltech:hcl_compasshcltech hcl compasseq2.1.0

CPE	Name	Operator	Version
hcltech:hcl_compass	hcltech hcl compass	le	2.0.3
hcltech:hcl_compass	hcltech hcl compass	lt	2.2.3
hcltech:hcl_compass	hcltech hcl compass	eq	2.1.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL Compass",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "2.0, 2.1, 2.2"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107512

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.2%

JSON

Related for CVE-2023-37503

cvelist1 nvd1 cnvd1 prion1