Every CVE whose affected-product data names Hcltech Hcl Compass, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-42447 — CVSS 9.6 (critical): HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a…
CVE-2023-37502 — CVSS 9.0 (critical): HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by…
CVE-2023-37503 — CVSS 8.1 (high): HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.
CVE-2023-37504 — CVSS 7.1 (high): HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out…