A weak password requirements vulnerability affects HCL Compass
CVE-2023-37503

8.1HIGH

Key Information:

Vendor: Hcl Software
Status: Hcl Compass
Vendor: CVE Published:; 19 October 2023

🔔 Create Hcl Software Vulnerability Alert

What is CVE-2023-37503?

HCL Compass is susceptible to inadequate password requirements, allowing attackers to easily guess passwords. This vulnerability could lead to unauthorized access to user accounts, posing significant risks to data integrity and confidentiality.

Affected Version(s)

HCL Compass 2.0, 2.1, 2.2

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 19, 2023
Vulnerability Reserved
Jul 6, 2023