262 matches found
CVE-2023-37504 An insufficient session expiration vulnerability affects HCL Compass
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user...
CVE-2023-37504
The CVE-2023-37504 entry covers HCL Compass failing to invalidate authenticated sessions on logout. If a session ID is discovered, it can be replayed to impersonate the user. Public sources in connected docs corroborate an Access/Session-Expiration issue but do not specify a vendor patch version;...
HCL Technologies Compass Security Vulnerability
HCL Technologies Compass is a low-code change management software from HCL Technologies, USA. Manages the full range of testing activities and integration with developer tools. HCL Technologies Compass suffers from a weak password vulnerability that stems from susceptibility to insecure password...
HCL Technologies Compass Code Issue Vulnerability
HCL Technologies Compass is a low-code change management software from HCL Technologies, USA. Manages the full range of testing activities and integration with developer tools. HCL Technologies Compass suffers from an Access Control Error vulnerability that stems from the application not disablin...
CVE-2023-37502
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser...
CVE-2023-37502
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser...
Design/Logic Flaw
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser...
CVE-2023-37502
The CVE-2023-37502 issue affects HCL Compass (file upload). The connected CNVD and CNNVD entries describe an unrestricted file upload vulnerability due to inadequate validation of uploaded files, enabling an attacker to upload files containing active code that could execute on the server (e.g., P...
CVE-2023-37502 An unrestricted file upload vulnerability affects HCL Compass
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser...
CVE-2023-37502 An unrestricted file upload vulnerability affects HCL Compass
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser...
PT-2023-26001 · Hcl · Hcl Compass
Name of the Vulnerable Software and Affected Versions: HCL Compass affected versions not specified. Description: The issue is related to the failure to invalidate sessions. When the log out functionality is called, the application does not invalidate authenticated sessions. If the session identifi...
HCL Technologies Compass Code Issue Vulnerability
HCL Technologies Compass is a low-code change management software from HCL Technologies, USA. Manages the full range of testing activities and integration with developer tools. HCL Technologies Compass suffers from a file upload vulnerability that stems from the application's lack of effective...
PT-2023-9454 · Mongodb · Mongodb Compass
Name of the Vulnerable Software and Affected Versions: MongoDB Compass versions 1.35.0 through 1.42.0. Description: The issue is related to the acceptance and use of insufficiently validated input from an untrusted external source by MongoDB Compass. This may cause unintended application behavior,...
CVE-2023-39023
university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument...
CVE-2023-39023
university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument...
CVE-2023-39023
university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument...
Code injection
university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument...
University Compass Code Injection Vulnerability
University Compass is a college counseling application from University Compass, Inc. A security vulnerability exists in University Compass v2.2.0 and earlier versions, which stems from the inclusion of a code injection vulnerability in the component...
PT-2023-26744 · Unknown · University Compass
Name of the Vulnerable Software and Affected Versions: University Compass versions 2.2.0 and below. Description: The issue is related to a code injection vulnerability in the org.compass.core.executor.DefaultExecutorManager.configure component. This vulnerability can be exploited by passing an...
CVE-2023-39023
university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument...