An unrestricted file upload vulnerability affects HCL Compass
CVE-2023-37502
9 CRITICAL
Summary
HCL Compass has a file upload vulnerability that allows attackers to bypass security measures when uploading files. By exploiting this flaw, an attacker can potentially upload files containing executable code, leading to unauthorized code execution on the server or within a user's web browser. This could result in significant security risks, including data breaches or system compromise.
Affected Version(s)
HCL Compass 2.0, 2.1, 2.2
CVSS V3.1
Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved