CVE-2024-23570 PUBLISHED

Assigner: HCL
Reserved: 18.01.2024 Published: 17.07.2026 Updated: 17.07.2026

HCL Aftermarket EPC is affected by clickjacking vulnerability Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in an iFrame on his malicious site. The attacker can then launch a Clickjacking attack, which may lead to Phishing, Cross-Site Request Forgery, sensitive information leakage and more.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS Score: 4.3

Product Status

Vendor HCLSoftware
Product Aftermarket EPC
Versions Default: unaffected
  • Version version 1.0.0 is affected

References

Problem Types

  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE