CRITICAL🇬🇧 English

CVE-2022-42447

CVSS 9.6v3.1pub. 2023-04-02upd. 2025-02-19

HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Hcltech Hcl Compass

    APP
    Hcltech
    2.0.0 – 2.0.32.1.0 – 2.2.1 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-37502CRITICAL9.0ten sam produkt

HCL Compass is vulnerable to lack of file upload security.  An attacker could upload files containing active c...

CVE-2023-37503HIGH8.1ten sam produkt

HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and g...

CVE-2023-37504HIGH7.1ten sam produkt

HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated...

CVE-2025-62319CRITICAL9.8PL ✓ten sam vendor

Boolean-Based SQL Injection umożliwiający wstrzyknięcie dowolnego SQL

CVE-2023-37538CRITICAL9.3ten sam vendor

HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflect...