An insufficient session expiration vulnerability affects HCL Compass
CVE-2023-37504
7.1 HIGH
Summary
HCL Compass has a session management vulnerability: authenticated sessions remain active even after the logout function is executed. An attacker who obtains a session identifier can replay it to impersonate the user within the application. Organizations using HCL Compass should address this vulnerability promptly.
Affected Version(s)
HCL Compass 2.0, 2.1, 2.2
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved