HIGH🇬🇧 English

CVE-2023-37504

CVSS 7.1v3.1pub. 2023-10-19upd. 2024-11-21

HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called.  If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
  • Hcltech Hcl Compass

    APP
    Hcltech
    2.1.02.0.0 – 2.0.32.2.0 – 2.2.3 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-37502CRITICAL9.0ten sam produkt

HCL Compass is vulnerable to lack of file upload security.  An attacker could upload files containing active c...

CVE-2022-42447CRITICAL9.6ten sam produkt

HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivilege...

CVE-2023-37503HIGH8.1ten sam produkt

HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and g...

CVE-2025-62319CRITICAL9.8PL ✓ten sam vendor

Boolean-Based SQL Injection umożliwiający wstrzyknięcie dowolnego SQL

CVE-2023-37538CRITICAL9.3ten sam vendor

HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflect...