Lucene search

HCLCVELIST:CVE-2023-37503

HistoryOct 19, 2023 - 2:06 a.m.

CVE-2023-37503 A weak password requirements vulnerability affects HCL Compass

2023-10-1902:06:25

HCL

www.cve.org

hcl compass

weak password

vulnerability

user accounts

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL Compass",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "2.0, 2.1, 2.2"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107512

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for CVELIST:CVE-2023-37503