HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LHcltech Aftermarket Cloud
APPHcltech1.0.0
Related vulnerabilities
HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escala...
HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source...
HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrie...
HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and u...
HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensi...