CVSS 3.1 Score 7.1 of 10 (high)


Published Oct 19, 2023
Updated: Oct 25, 2023
CWE ID 613


CVE-2023-37504 is a vulnerability in HCL Compass that allows for the failure to invalidate sessions. This means that when the logout function is called, authenticated sessions are not terminated. If an attacker can discover the session identifier, they can replay it to impersonate the user. The affected products include t0DdbG, qvjccA, qvjcb_, qvjcb-, qvjcb9, qvjcb8, qvjcb7, and qvjcb6. The base severity of this vulnerability is rated as HIGH with a score of 7.1 out of 10. It requires network access and user interaction for exploitation and could have a high impact on integrity. Remediation measures should be taken to ensure that sessions are properly invalidated upon logout to mitigate the potential danger posed by this vulnerability to organizations using HCL Compass.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-37504 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options