HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensitive files present in the system and may use it to craft further attacks.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NHcltech Aftermarket Cloud
APPHcltech1.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2025-55261HIGH8.1ten sam produkt
HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escala...
CVE-2025-55263HIGH7.3ten sam produkt
HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source...
CVE-2025-55262HIGH8.3ten sam produkt
HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrie...
CVE-2025-55266MEDIUM5.9ten sam produkt
HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and u...
CVE-2025-55264MEDIUM5.5ten sam produkt
HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to acc...