A weak password requirements vulnerability affects HCL Compass
CVE-2023-37503

8.1HIGH

Key Information:

Vendor: Hcl Software
Status: Hcl Compass
Vendor: CVE Published:; 19 October 2023

Summary

HCL Compass is susceptible to inadequate password requirements, allowing attackers to easily guess passwords. This vulnerability could lead to unauthorized access to user accounts, posing significant risks to data integrity and confidentiality.

Affected Version(s)

HCL Compass 2.0, 2.1, 2.2

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 19, 2023
Vulnerability Reserved
Jul 6, 2023