Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for HCL Compass by HCL Software
CVE-2023-37503 (GCVE-0-2023-37503)
Vulnerability from cvelistv5 – Published: 2023-10-19 02:06 – Updated: 2024-09-12 18:01
VLAI
Title
A weak password requirements vulnerability affects HCL Compass
Summary
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| HCL Software | HCL Compass |
Affected:
2.0, 2.1, 2.2
|
|
| hcl_software | hcl_compass |
Affected:
2.0
Affected: 2.1 Affected: 2.2 cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:* |
Date Public
2023-10-19 01:15
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107512"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hcl_compass",
"vendor": "hcl_software",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T17:59:33.620462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T18:01:46.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Compass",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "2.0, 2.1, 2.2"
}
]
}
],
"datePublic": "2023-10-19T01:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T02:06:25.097Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107512"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A weak password requirements vulnerability affects HCL Compass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37503",
"datePublished": "2023-10-19T02:06:25.097Z",
"dateReserved": "2023-07-06T16:11:40.094Z",
"dateUpdated": "2024-09-12T18:01:46.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37504 (GCVE-0-2023-37504)
Vulnerability from cvelistv5 – Published: 2023-10-19 00:09 – Updated: 2024-09-12 18:04
VLAI
Title
An insufficient session expiration vulnerability affects HCL Compass
Summary
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| HCL Software | HCL Compass |
Affected:
2.0, 2.1, 2.2
|
|
| hcl_software | hcl_compass |
Affected:
2.0
Affected: 2.1 Affected: 2.2 cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:* |
Date Public
2023-10-18 23:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107511"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hcl_compass",
"vendor": "hcl_software",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T18:03:06.887414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T18:04:17.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Compass",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "2.0, 2.1, 2.2"
}
]
}
],
"datePublic": "2023-10-18T23:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. \u0026nbsp;If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. \u00a0If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T00:09:02.682Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107511"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An insufficient session expiration vulnerability affects HCL Compass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37504",
"datePublished": "2023-10-19T00:09:02.682Z",
"dateReserved": "2023-07-06T16:11:40.094Z",
"dateUpdated": "2024-09-12T18:04:17.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37502 (GCVE-0-2023-37502)
Vulnerability from cvelistv5 – Published: 2023-10-18 22:51 – Updated: 2024-09-13 14:54
VLAI
Title
An unrestricted file upload vulnerability affects HCL Compass
Summary
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser.
Severity
9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| HCL Software | HCL Compass |
Affected:
2.0, 2.1, 2.2
|
|
| hcl_software | hcl_compass |
Affected:
2.0
Affected: 2.1 Affected: 2.2 cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:* |
Date Public
2023-10-18 22:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107510"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hcl_compass",
"vendor": "hcl_software",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T14:52:48.920542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T14:54:58.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Compass",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "2.0, 2.1, 2.2"
}
]
}
],
"datePublic": "2023-10-18T22:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Compass is vulnerable to lack of file upload security. \u0026nbsp;An attacker could upload files containing active code that can be executed by the server or by a user\u0027s web browser.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Compass is vulnerable to lack of file upload security. \u00a0An attacker could upload files containing active code that can be executed by the server or by a user\u0027s web browser.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T22:51:16.664Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107510"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An unrestricted file upload vulnerability affects HCL Compass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37502",
"datePublished": "2023-10-18T22:51:16.664Z",
"dateReserved": "2023-07-06T16:11:32.538Z",
"dateUpdated": "2024-09-13T14:54:58.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37503 (GCVE-0-2023-37503)
Vulnerability from nvd – Published: 2023-10-19 02:06 – Updated: 2024-09-12 18:01
VLAI
Title
A weak password requirements vulnerability affects HCL Compass
Summary
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| HCL Software | HCL Compass |
Affected:
2.0, 2.1, 2.2
|
|
| hcl_software | hcl_compass |
Affected:
2.0
Affected: 2.1 Affected: 2.2 cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:* |
Date Public
2023-10-19 01:15
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107512"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hcl_compass",
"vendor": "hcl_software",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T17:59:33.620462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T18:01:46.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Compass",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "2.0, 2.1, 2.2"
}
]
}
],
"datePublic": "2023-10-19T01:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T02:06:25.097Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107512"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A weak password requirements vulnerability affects HCL Compass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37503",
"datePublished": "2023-10-19T02:06:25.097Z",
"dateReserved": "2023-07-06T16:11:40.094Z",
"dateUpdated": "2024-09-12T18:01:46.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37504 (GCVE-0-2023-37504)
Vulnerability from nvd – Published: 2023-10-19 00:09 – Updated: 2024-09-12 18:04
VLAI
Title
An insufficient session expiration vulnerability affects HCL Compass
Summary
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| HCL Software | HCL Compass |
Affected:
2.0, 2.1, 2.2
|
|
| hcl_software | hcl_compass |
Affected:
2.0
Affected: 2.1 Affected: 2.2 cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:* |
Date Public
2023-10-18 23:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107511"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hcl_compass",
"vendor": "hcl_software",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37504",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T18:03:06.887414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T18:04:17.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Compass",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "2.0, 2.1, 2.2"
}
]
}
],
"datePublic": "2023-10-18T23:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. \u0026nbsp;If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. \u00a0If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T00:09:02.682Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107511"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An insufficient session expiration vulnerability affects HCL Compass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37504",
"datePublished": "2023-10-19T00:09:02.682Z",
"dateReserved": "2023-07-06T16:11:40.094Z",
"dateUpdated": "2024-09-12T18:04:17.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37502 (GCVE-0-2023-37502)
Vulnerability from nvd – Published: 2023-10-18 22:51 – Updated: 2024-09-13 14:54
VLAI
Title
An unrestricted file upload vulnerability affects HCL Compass
Summary
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser.
Severity
9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| HCL Software | HCL Compass |
Affected:
2.0, 2.1, 2.2
|
|
| hcl_software | hcl_compass |
Affected:
2.0
Affected: 2.1 Affected: 2.2 cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:* |
Date Public
2023-10-18 22:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107510"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hcl_compass",
"vendor": "hcl_software",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T14:52:48.920542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T14:54:58.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL Compass",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "2.0, 2.1, 2.2"
}
]
}
],
"datePublic": "2023-10-18T22:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Compass is vulnerable to lack of file upload security. \u0026nbsp;An attacker could upload files containing active code that can be executed by the server or by a user\u0027s web browser.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "HCL Compass is vulnerable to lack of file upload security. \u00a0An attacker could upload files containing active code that can be executed by the server or by a user\u0027s web browser.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T22:51:16.664Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107510"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An unrestricted file upload vulnerability affects HCL Compass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37502",
"datePublished": "2023-10-18T22:51:16.664Z",
"dateReserved": "2023-07-06T16:11:32.538Z",
"dateUpdated": "2024-09-13T14:54:58.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}