HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called.  If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2023-10-19T00:09:02.682Z

Updated: 2024-09-12T18:04:17.190Z

Reserved: 2023-07-06T16:11:40.094Z

Link: CVE-2023-37504

cve-icon Vulnrichment

Updated: 2024-08-02T17:16:30.324Z

cve-icon NVD

Status : Modified

Published: 2023-10-19T01:15:08.117

Modified: 2024-11-21T08:11:50.933

Link: CVE-2023-37504

cve-icon Redhat

No data.