4 matches found
CVE-2022-42447
HCL Compass is affected by a Cross-Origin Resource Sharing (CORS) vulnerability (CVE-2022-42447). The issue could allow an unprivileged remote attacker to trick a legitimate user into accessing a resource and issuing a malicious request. Documented CVSS metrics indicate a HIGH/CRITICAL impact wit...
CVE-2023-37502
The CVE-2023-37502 issue affects HCL Compass (file upload). The connected CNVD and CNNVD entries describe an unrestricted file upload vulnerability due to inadequate validation of uploaded files, enabling an attacker to upload files containing active code that could execute on the server (e.g., P...
CVE-2023-37503
Summary: CVE-2023-37503 affects HCL Compass and describes weak/insecure password requirements that could allow unauthorized access to user accounts. The connected documents consistently reference HCL Compass and the risk of easily guessing passwords, but do not provide concrete attacker vectors, ...
CVE-2023-37504
The CVE-2023-37504 entry covers HCL Compass failing to invalidate authenticated sessions on logout. If a session ID is discovered, it can be replayed to impersonate the user. Public sources in connected docs corroborate an Access/Session-Expiration issue but do not specify a vendor patch version;...