Hcl Compass Security Vulnerabilities - CVSS Score 9 - 10

CVE-2022-42447

HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.

CVE-2023-37502

HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser.

CVE-2023-37503

HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.