Lucene search

HCLCVELIST:CVE-2023-37502

HistoryOct 18, 2023 - 10:51 p.m.

CVE-2023-37502 An unrestricted file upload vulnerability affects HCL Compass

2023-10-1822:51:16

HCL

www.cve.org

cve-2023-37502

hcl compass

file upload security

active code execution

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user’s web browser.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL Compass",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "2.0, 2.1, 2.2"
      }
    ]
  }
]

References

support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107510

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

Related for CVELIST:CVE-2023-37502