CVE-2024-23574 PUBLISHED

Assigner: HCL
Reserved: 18.01.2024 Published: 17.07.2026 Updated: 17.07.2026

HCL Aftermarket EPC is vulnerable to attack since It was found that a malicious actor can use brute-force techniques to either guess or confirm valid users in the system. Use renumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Score: 5.3

Product Status

Vendor HCLSoftware
Product Aftermarket EPC
Versions Default: unaffected
  • Version version 1.0.0 is affected

References

Problem Types

  • CWE-204: Response Discrepancy Information Leakage CWE