Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
An insufficient session expiration vulnerability affects HCL Compass
Vulnerability Description
HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Vulnerability Type
N/A
Vulnerability Title
HCL Technologies Compass 代码问题漏洞
Vulnerability Description
HCL Technologies Compass是美国HCL Technologies公司的一个低代码变更管理软件。管理全方位的测试活动以及与开发人员工具的集成。 HCL Compass存在安全漏洞,该漏洞源于当调用注销功能时,应用程序不会使经过身份验证的会话失效,如果可以发现会话标识符,则可以将其重播到应用程序并用于模拟用户。
CVSS Information
N/A
Vulnerability Type
N/A