HCL AppScan Presence deployed as Windows service might be vulnerable to an Unquoted Service Path vulnerability
CVE-2023-37537
7.8 HIGH
Summary
An unquoted service path vulnerability exists in HCL AppScan Presence, which is deployed as a Windows service in HCL AppScan on Cloud (ASoC). This flaw may allow local attackers to execute malicious code with elevated privileges, potentially compromising the security of the affected system. Proper configuration and strict control measures are essential to mitigate the risks associated with this vulnerability.
Affected Version(s)
HCL AppScan Presence <=2.1.37
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved