CVE-2023-37502

Summary

HCL Compass is vulnerable to lack of file upload security.  An attacker could upload files containing active code that can be executed by the server or by a user's web browser.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareHCL Compass2.0, 2.1, 2.2affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References