HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: HCL
Published: 2023-10-19T00:09:02.682Z
Updated: 2024-09-12T18:04:17.190Z
Reserved: 2023-07-06T16:11:40.094Z
Link: CVE-2023-37504
Vulnrichment
Updated: 2024-08-02T17:16:30.324Z
NVD
Status : Modified
Published: 2023-10-19T01:15:08.117
Modified: 2024-11-21T08:11:50.933
Link: CVE-2023-37504
Redhat
No data.