Hcl Compass
CVE-2023-37502
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser.
AnalysisAI
HCL Compass is vulnerable to lack of file upload security. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser. Affected products include: Hcltech Hcl Compass.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
More in Hcl Compass
View allHCL Compass is vulnerable to insecure password requirements. Rated critical severity (CVSS 9.8), this vulnerability is r
HCL Compass is vulnerable to failure to invalidate sessions. Rated medium severity (CVSS 6.5), this vulnerability is rem
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today