9.8
CVE-2023-37503
- EPSS 0.09%
- Published 19.10.2023 03:15:08
- Last modified 21.11.2024 08:11:50
- Source psirt@hcl.com
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.
Data provided by the National Vulnerability Database (NVD)
Hcltech ≫ Hcl Compass Version >= 2.0.0 <= 2.0.3
Hcltech ≫ Hcl Compass Version >= 2.2.0 < 2.2.3
Hcltech ≫ Hcl Compass Version 2.1.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.09% | 0.268 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
psirt@hcl.com | 8.1 | 2.8 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
CWE-521 Weak Password Requirements
The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.