CVE-2022-27563
Overload/denial of service affects HCL VersionVault Express
In short
An attacker without any credentials can overwhelm HCL VersionVault Express with requests, making the service unavailable to legitimate users. This is a denial of service attack that requires no authentication.
Technical detail
An unauthenticated remote attacker can trigger a denial of service condition in HCL VersionVault Express by overloading a part of the product. No authentication is required to send the requests, and the resulting load renders the service unavailable.
Summary generated and translated by AI from the official description.
An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
HCL Software · HCL VersionVault Express