Hcl Compass2.0
by HCL Software
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-37503 | 0.00 | — | 0.00 | Oct 19, 2023 | HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts. | |||
| CVE-2023-37504 | 0.00 | — | 0.00 | Oct 19, 2023 | HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the… | |||
| CVE-2023-37502 | 0.00 | — | 0.00 | Oct 18, 2023 | HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser. | |||
| CVE-2022-42447 | 0.00 | — | 0.00 | Mar 27, 2023 | HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request. |
- CVE-2023-37503Oct 19, 2023risk 0.00cvss —epss 0.00
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.
- CVE-2023-37504Oct 19, 2023risk 0.00cvss —epss 0.00
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the…
- CVE-2023-37502Oct 18, 2023risk 0.00cvss —epss 0.00
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser.
- CVE-2022-42447Mar 27, 2023risk 0.00cvss —epss 0.00
HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.