CVE-2025-0280
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-03
Last updated on: 2025-09-04
Assigner: HCL Software
Description
Description
A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcl | compass | 3.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-257 | The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in HCL Compass allows an attacker to gain unauthorized access to the database. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized database access, potentially resulting in data confidentiality, integrity, and availability being compromised. [1]
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70