CVE-2023-37502: An unrestricted file upload vulnerability affects HCL Compass
First published: Wed Oct 18 2023(Updated: )
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser.
Credit: psirt@hcl.com psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltech Hcl Compass | >=2.0.0<=2.0.3 | |
| Hcltech Hcl Compass | >=2.2.0<2.2.3 | |
| Hcltech Hcl Compass | =2.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this HCL Compass vulnerability?
The vulnerability ID of this HCL Compass vulnerability is CVE-2023-37502.
What is the severity level of CVE-2023-37502?
CVE-2023-37502 has a severity level of critical.
How does this vulnerability in HCL Compass manifest?
This vulnerability in HCL Compass allows attackers to upload files containing active code that can be executed by the server or by a user's web browser.
Which versions of HCL Compass are affected by CVE-2023-37502?
HCL Compass versions 2.0.0 to 2.0.3, 2.2.0 to 2.2.3, and 2.1.0 are affected by CVE-2023-37502.
Where can I find more information about CVE-2023-37502 and its fix?
You can find more information about CVE-2023-37502 and its fix on the HCL Technologies support website: [link](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107510).
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/title
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/hcltech
- canonical/hcltech hcl compass
- version/hcltech hcl compass/2.0.0
- version/hcltech hcl compass/2.0.3
- version/hcltech hcl compass/2.2.0
- version/hcltech hcl compass/2.1.0