Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for hcl_compass by hcltech

    CVE-2023-37503 (GCVE-0-2023-37503)

    Vulnerability from nvd – Published: 2023-10-19 02:06 – Updated: 2024-09-12 18:01
    VLAI
    Title
    A weak password requirements vulnerability affects HCL Compass
    Summary
    HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCL Software HCL Compass Affected: 2.0, 2.1, 2.2
    Create a notification for this product.
    hcl_software hcl_compass Affected: 2.0
    Affected: 2.1
    Affected: 2.2
        cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-10-19 01:15
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.363Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107512"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hcl_compass",
                "vendor": "hcl_software",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0"
                  },
                  {
                    "status": "affected",
                    "version": "2.1"
                  },
                  {
                    "status": "affected",
                    "version": "2.2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37503",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T17:59:33.620462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T18:01:46.032Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HCL Compass",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0, 2.1, 2.2"
                }
              ]
            }
          ],
          "datePublic": "2023-10-19T01:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-19T02:06:25.097Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107512"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A weak password requirements vulnerability affects HCL Compass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2023-37503",
        "datePublished": "2023-10-19T02:06:25.097Z",
        "dateReserved": "2023-07-06T16:11:40.094Z",
        "dateUpdated": "2024-09-12T18:01:46.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37504 (GCVE-0-2023-37504)

    Vulnerability from nvd – Published: 2023-10-19 00:09 – Updated: 2024-09-12 18:04
    VLAI
    Title
    An insufficient session expiration vulnerability affects HCL Compass
    Summary
    HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called.  If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCL Software HCL Compass Affected: 2.0, 2.1, 2.2
    Create a notification for this product.
    hcl_software hcl_compass Affected: 2.0
    Affected: 2.1
    Affected: 2.2
        cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-10-18 23:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.324Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107511"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hcl_compass",
                "vendor": "hcl_software",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0"
                  },
                  {
                    "status": "affected",
                    "version": "2.1"
                  },
                  {
                    "status": "affected",
                    "version": "2.2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37504",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T18:03:06.887414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T18:04:17.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HCL Compass",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0, 2.1, 2.2"
                }
              ]
            }
          ],
          "datePublic": "2023-10-18T23:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. \u0026nbsp;If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. \u00a0If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-19T00:09:02.682Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107511"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "An insufficient session expiration vulnerability affects HCL Compass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2023-37504",
        "datePublished": "2023-10-19T00:09:02.682Z",
        "dateReserved": "2023-07-06T16:11:40.094Z",
        "dateUpdated": "2024-09-12T18:04:17.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37502 (GCVE-0-2023-37502)

    Vulnerability from nvd – Published: 2023-10-18 22:51 – Updated: 2024-09-13 14:54
    VLAI
    Title
    An unrestricted file upload vulnerability affects HCL Compass
    Summary
    HCL Compass is vulnerable to lack of file upload security.  An attacker could upload files containing active code that can be executed by the server or by a user's web browser.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCL Software HCL Compass Affected: 2.0, 2.1, 2.2
    Create a notification for this product.
    hcl_software hcl_compass Affected: 2.0
    Affected: 2.1
    Affected: 2.2
        cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-10-18 22:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107510"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hcl_compass",
                "vendor": "hcl_software",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0"
                  },
                  {
                    "status": "affected",
                    "version": "2.1"
                  },
                  {
                    "status": "affected",
                    "version": "2.2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37502",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-13T14:52:48.920542Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-13T14:54:58.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HCL Compass",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0, 2.1, 2.2"
                }
              ]
            }
          ],
          "datePublic": "2023-10-18T22:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Compass is vulnerable to lack of file upload security. \u0026nbsp;An attacker could upload files containing active code that can be executed by the server or by a user\u0027s web browser.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "HCL Compass is vulnerable to lack of file upload security. \u00a0An attacker could upload files containing active code that can be executed by the server or by a user\u0027s web browser.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-18T22:51:16.664Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107510"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "An unrestricted file upload vulnerability affects HCL Compass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2023-37502",
        "datePublished": "2023-10-18T22:51:16.664Z",
        "dateReserved": "2023-07-06T16:11:32.538Z",
        "dateUpdated": "2024-09-13T14:54:58.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42447 (GCVE-0-2022-42447)

    Vulnerability from nvd – Published: 2023-03-27 22:22 – Updated: 2025-02-19 15:48
    VLAI
    Title
    Cross-origin resource sharing vulnerability affects HCL Compass
    Summary
    HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCL Software HCL Compass2.0 Affected: 2.0, 2.1, 2.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:10:40.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0103581"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42447",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-19T15:48:08.189986Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-352",
                    "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-19T15:48:15.353Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HCL Compass2.0 ",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0, 2.1, 2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-02T18:48:52.109Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0103581"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-origin resource sharing vulnerability affects HCL Compass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2022-42447",
        "datePublished": "2023-03-27T22:22:29.522Z",
        "dateReserved": "2022-10-06T16:01:51.741Z",
        "dateUpdated": "2025-02-19T15:48:15.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37503 (GCVE-0-2023-37503)

    Vulnerability from cvelistv5 – Published: 2023-10-19 02:06 – Updated: 2024-09-12 18:01
    VLAI
    Title
    A weak password requirements vulnerability affects HCL Compass
    Summary
    HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCL Software HCL Compass Affected: 2.0, 2.1, 2.2
    Create a notification for this product.
    hcl_software hcl_compass Affected: 2.0
    Affected: 2.1
    Affected: 2.2
        cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-10-19 01:15
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.363Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107512"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hcl_compass",
                "vendor": "hcl_software",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0"
                  },
                  {
                    "status": "affected",
                    "version": "2.1"
                  },
                  {
                    "status": "affected",
                    "version": "2.2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37503",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T17:59:33.620462Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T18:01:46.032Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HCL Compass",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0, 2.1, 2.2"
                }
              ]
            }
          ],
          "datePublic": "2023-10-19T01:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-19T02:06:25.097Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107512"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "A weak password requirements vulnerability affects HCL Compass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2023-37503",
        "datePublished": "2023-10-19T02:06:25.097Z",
        "dateReserved": "2023-07-06T16:11:40.094Z",
        "dateUpdated": "2024-09-12T18:01:46.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37504 (GCVE-0-2023-37504)

    Vulnerability from cvelistv5 – Published: 2023-10-19 00:09 – Updated: 2024-09-12 18:04
    VLAI
    Title
    An insufficient session expiration vulnerability affects HCL Compass
    Summary
    HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called.  If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCL Software HCL Compass Affected: 2.0, 2.1, 2.2
    Create a notification for this product.
    hcl_software hcl_compass Affected: 2.0
    Affected: 2.1
    Affected: 2.2
        cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-10-18 23:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.324Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107511"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hcl_compass",
                "vendor": "hcl_software",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0"
                  },
                  {
                    "status": "affected",
                    "version": "2.1"
                  },
                  {
                    "status": "affected",
                    "version": "2.2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37504",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T18:03:06.887414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T18:04:17.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HCL Compass",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0, 2.1, 2.2"
                }
              ]
            }
          ],
          "datePublic": "2023-10-18T23:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. \u0026nbsp;If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. \u00a0If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-19T00:09:02.682Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107511"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "An insufficient session expiration vulnerability affects HCL Compass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2023-37504",
        "datePublished": "2023-10-19T00:09:02.682Z",
        "dateReserved": "2023-07-06T16:11:40.094Z",
        "dateUpdated": "2024-09-12T18:04:17.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37502 (GCVE-0-2023-37502)

    Vulnerability from cvelistv5 – Published: 2023-10-18 22:51 – Updated: 2024-09-13 14:54
    VLAI
    Title
    An unrestricted file upload vulnerability affects HCL Compass
    Summary
    HCL Compass is vulnerable to lack of file upload security.  An attacker could upload files containing active code that can be executed by the server or by a user's web browser.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCL Software HCL Compass Affected: 2.0, 2.1, 2.2
    Create a notification for this product.
    hcl_software hcl_compass Affected: 2.0
    Affected: 2.1
    Affected: 2.2
        cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-10-18 22:30
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107510"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hcl_software:hcl_compass:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "hcl_compass",
                "vendor": "hcl_software",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.0"
                  },
                  {
                    "status": "affected",
                    "version": "2.1"
                  },
                  {
                    "status": "affected",
                    "version": "2.2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37502",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-13T14:52:48.920542Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-13T14:54:58.654Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HCL Compass",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0, 2.1, 2.2"
                }
              ]
            }
          ],
          "datePublic": "2023-10-18T22:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Compass is vulnerable to lack of file upload security. \u0026nbsp;An attacker could upload files containing active code that can be executed by the server or by a user\u0027s web browser.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "HCL Compass is vulnerable to lack of file upload security. \u00a0An attacker could upload files containing active code that can be executed by the server or by a user\u0027s web browser.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-18T22:51:16.664Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107510"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "An unrestricted file upload vulnerability affects HCL Compass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2023-37502",
        "datePublished": "2023-10-18T22:51:16.664Z",
        "dateReserved": "2023-07-06T16:11:32.538Z",
        "dateUpdated": "2024-09-13T14:54:58.654Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-42447 (GCVE-0-2022-42447)

    Vulnerability from cvelistv5 – Published: 2023-03-27 22:22 – Updated: 2025-02-19 15:48
    VLAI
    Title
    Cross-origin resource sharing vulnerability affects HCL Compass
    Summary
    HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    HCL
    Impacted products
    Vendor Product Version
    HCL Software HCL Compass2.0 Affected: 2.0, 2.1, 2.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:10:40.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0103581"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-42447",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-19T15:48:08.189986Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-352",
                    "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-19T15:48:15.353Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HCL Compass2.0 ",
              "vendor": "HCL Software",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0, 2.1, 2.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-02T18:48:52.109Z",
            "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
            "shortName": "HCL"
          },
          "references": [
            {
              "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0103581"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-origin resource sharing vulnerability affects HCL Compass",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "assignerShortName": "HCL",
        "cveId": "CVE-2022-42447",
        "datePublished": "2023-03-27T22:22:29.522Z",
        "dateReserved": "2022-10-06T16:01:51.741Z",
        "dateUpdated": "2025-02-19T15:48:15.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }