Compass
by HCL Software
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-0280 | Hig | 0.49 | 7.5 | 0.00 | Sep 3, 2025 | A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access. | ||
| CVE-2025-1755 | 0.00 | — | 0.00 | Feb 27, 2025 | MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1 | |||
| CVE-2024-3371 | 0.00 | — | 0.00 | Apr 24, 2024 | MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to… | |||
| CVE-2023-37503 | 0.00 | — | 0.00 | Oct 19, 2023 | HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts. | |||
| CVE-2023-37504 | 0.00 | — | 0.00 | Oct 19, 2023 | HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the… | |||
| CVE-2023-37502 | 0.00 | — | 0.00 | Oct 18, 2023 | HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser. | |||
| CVE-2022-42447 | 0.00 | — | 0.00 | Mar 27, 2023 | HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request. | |||
| CVE-2018-14989 | 0.00 | — | 0.02 | Apr 25, 2019 | The Plum Compass Android device with a build fingerprint of PLUM/c179_hwf_221/c179_hwf_221:6.0/MRA58K/W16.51.5-22:user/release-keys contains a pre-installed platform app with a package name of com.android.settings (versionCode=23, versionName=6.0-eng.root.20161223.224055) that… | |||
| CVE-2018-10604 | 0.00 | — | 0.02 | Jul 24, 2018 | SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution. |
- risk 0.49cvss 7.5epss 0.00
A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access.
- CVE-2025-1755Feb 27, 2025risk 0.00cvss —epss 0.00
MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. This issue affects MongoDB Compass prior to 1.42.1
- CVE-2024-3371Apr 24, 2024risk 0.00cvss —epss 0.00
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to…
- CVE-2023-37503Oct 19, 2023risk 0.00cvss —epss 0.00
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.
- CVE-2023-37504Oct 19, 2023risk 0.00cvss —epss 0.00
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the…
- CVE-2023-37502Oct 18, 2023risk 0.00cvss —epss 0.00
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser.
- CVE-2022-42447Mar 27, 2023risk 0.00cvss —epss 0.00
HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.
- CVE-2018-14989Apr 25, 2019risk 0.00cvss —epss 0.02
The Plum Compass Android device with a build fingerprint of PLUM/c179_hwf_221/c179_hwf_221:6.0/MRA58K/W16.51.5-22:user/release-keys contains a pre-installed platform app with a package name of com.android.settings (versionCode=23, versionName=6.0-eng.root.20161223.224055) that…
- CVE-2018-10604Jul 24, 2018risk 0.00cvss —epss 0.02
SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution.