First published: Thu Oct 19 2023
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.
Credit: psirt@hcl.com
Affected Software | Affected Version | How to fix |
---|---|---|
Hcltech Hcl Compass | >=2.0.0 <=2.0.3 | |
Hcltech Hcl Compass | >=2.2.0 <2.2.3 | |
Hcltech Hcl Compass | =2.1.0 | |
The vulnerability ID for this HCL Compass vulnerability is CVE-2023-37503.
The severity of CVE-2023-37503 is critical with a CVSS score of 9.8.
The affected software for CVE-2023-37503 is HCL Compass versions 2.0.0 - 2.0.3, 2.2.0 - 2.2.3, and 2.1.0.
An attacker can exploit CVE-2023-37503 by easily guessing the password and gaining access to user accounts.
HCL Technologies has provided a fix for CVE-2023-37503. Please refer to the official support documentation for more information.