Lucene search
K
HcltechHcl Compass

4 matches found

CVE
CVE
added 2023/03/27 10:22 p.m.65 views

CVE-2022-42447

HCL Compass is affected by a Cross-Origin Resource Sharing (CORS) vulnerability (CVE-2022-42447). The issue could allow an unprivileged remote attacker to trick a legitimate user into accessing a resource and issuing a malicious request. Documented CVSS metrics indicate a HIGH/CRITICAL impact wit...

9.6CVSS8.7AI score0.0035EPSS
CVE
CVE
added 2023/10/18 10:51 p.m.57 views

CVE-2023-37502

The CVE-2023-37502 issue affects HCL Compass (file upload). The connected CNVD and CNNVD entries describe an unrestricted file upload vulnerability due to inadequate validation of uploaded files, enabling an attacker to upload files containing active code that could execute on the server (e.g., P...

9CVSS8.8AI score0.00484EPSS
CVE
CVE
added 2023/10/19 2:6 a.m.57 views

CVE-2023-37503

Summary: CVE-2023-37503 affects HCL Compass and describes weak/insecure password requirements that could allow unauthorized access to user accounts. The connected documents consistently reference HCL Compass and the risk of easily guessing passwords, but do not provide concrete attacker vectors, ...

9.8CVSS9.1AI score0.00454EPSS
CVE
CVE
added 2023/10/19 12:9 a.m.47 views

CVE-2023-37504

The CVE-2023-37504 entry covers HCL Compass failing to invalidate authenticated sessions on logout. If a session ID is discovered, it can be replayed to impersonate the user. Public sources in connected docs corroborate an Access/Session-Expiration issue but do not specify a vendor patch version;...

7.1CVSS6.5AI score0.00292EPSS