CVE-2022-42447: Cross-origin resource sharing vulnerability affects HCL Compass
First published: Mon Mar 27 2023(Updated: )
HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltech Hcl Compass | >=2.0.0<=2.0.3 | |
| Hcltech Hcl Compass | >=2.1.0<2.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this HCL Compass vulnerability?
The vulnerability ID of this HCL Compass vulnerability is CVE-2022-42447.
What is the severity of CVE-2022-42447?
The severity of CVE-2022-42447 is critical.
What is the impact of the CVE-2022-42447 vulnerability?
The CVE-2022-42447 vulnerability allows an unprivileged remote attacker to trick a legitimate user into executing a malicious request.
Which software versions are affected by CVE-2022-42447?
The software versions affected by CVE-2022-42447 are HCL Compass 2.0.0 to 2.0.3 and HCL Compass 2.1.0 to 2.2.1.
How can I fix the CVE-2022-42447 vulnerability in HCL Compass?
To fix the CVE-2022-42447 vulnerability in HCL Compass, update to a version higher than 2.2.1 or apply any patches or security updates provided by HCLTech.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/hcltech
- canonical/hcltech hcl compass
- version/hcltech hcl compass/2.0.0
- version/hcltech hcl compass/2.0.3
- version/hcltech hcl compass/2.1.0