9.8
CVE-2023-37503
- EPSS 0.09%
- Published 19.10.2023 03:15:08
- Last modified 21.11.2024 08:11:50
- Source psirt@hcl.com
- Teams watchlist Login
- Open Login
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.
Data is provided by the National Vulnerability Database (NVD)
Hcltech ≫ Hcl Compass Version >= 2.0.0 <= 2.0.3
Hcltech ≫ Hcl Compass Version >= 2.2.0 < 2.2.3
Hcltech ≫ Hcl Compass Version2.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.268 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@hcl.com | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
|
CWE-521 Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.