Lucene search
+L

45 matches found

NVD
NVD
added 9 hours ago5 views

CVE-2024-23578

HCL Aftermarket EPC is vulnerable to attack as the application implements an HTML5 cross-origin resource sharing CORS policy for this request that allows access from any domain -Wildcard...

4.2CVSS
Exploits0References1
NVD
NVD
added 9 hours ago5 views

CVE-2024-42214

HCL Aftermarket EPC is vulnerable to attack since HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides a list of the methods that are supported by the Web server which allows an attacker to narrow and intensify their efforts...

5.3CVSS
Exploits0References1
NVD
NVD
added 9 hours ago6 views

CVE-2024-23569

HCL Aftermarket EPC is vulnerable to attack since the server is not configured with “X-XSS-Protection" header...

4.3CVSS
Exploits0References1
NVD
NVD
added 9 hours ago6 views

CVE-2024-23570

HCL Aftermarket EPC is affected by clickjacking vulnerability Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in an iFrame on his malicious site. The attacker can then launch a Clickjacking attack, which may lead to Phishing, Cross-Site Request Forger...

4.3CVSS
Exploits0References1
NVD
NVD
added 9 hours ago5 views

CVE-2024-23572

HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...

4.2CVSS
Exploits0References1
NVD
NVD
added 9 hours ago6 views

CVE-2024-23574

HCL Aftermarket EPC is vulnerable to attack since It was found that a malicious actor can use brute-force techniques to either guess or confirm valid users in the system. Use renumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system...

5.3CVSS
Exploits0References1
NVD
NVD
added 9 hours ago5 views

CVE-2024-23575

HCL Aftermarket EPC is vulnerable to attack since the application returns detailed error messages that leak information about the processing on the server. An attacker may use the contents of error messages to help launch another ,more focused attack...

5.3CVSS
Exploits0References1
NVD
NVD
added 9 hours ago5 views

CVE-2024-23564

HCL Aftermarket EPC is affected by Business Logic Vulnerability using which a non valid user of the application can obtain passwords from the server and redirect them to their own email address by manipulating the server's response. The application includes checks in the initial requests to verif...

9.1CVSS
Exploits0References1
NVD
NVD
added 9 hours ago6 views

CVE-2024-23565

HCL Aftermarket EPC is vulnerable to email flooding as the application does not have a proper mail limitation mechanism at Forget Password functionality. The actor could b e a human or an automated process such as a virus or bot. This could be used to cause a denial of service, compromise program...

5.3CVSS
Exploits0References1
NVD
NVD
added 9 hours ago5 views

CVE-2024-23567

HCL Aftermarket EPC is affected by Sensitive Information in GET method & in URL which allows application to pass sensitive data via URL parameters during normal usage. Data passed in this manner can be exposed because it may end up stored in unintended locations, including server logs, local...

4.3CVSS
Exploits0References1
CVE
CVE
added 9 hours ago7 views

CVE-2024-23572

CVE-2024-23572 affects HCL Aftermarket EPC. The issue is described as a vulnerability where a cookie appears to contain a session token, suggesting a potential risk depending on cookie contents and function. The provided metrics indicate a CVSS v3.1 base score of 4.2 (Medium) with AV:N, AC:H, PR:...

4.2CVSS5.3AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 9 hours ago4 views

CVE-2024-23572

HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...

4.2CVSS5.2AI score
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 9 hours ago4 views

CVE-2024-23570

HCL Aftermarket EPC is affected by clickjacking vulnerability Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in an iFrame on his malicious site. The attacker can then launch a Clickjacking attack, which may lead to Phishing, Cross-Site Request Forger...

4.3CVSS5.2AI score
Exploits0References2Affected Software1
CVE
CVE
added 9 hours ago7 views

CVE-2024-23570

CVE-2024-23570 affects HCL Aftermarket EPC and describes a clickjacking/Cross-Frame Scripting risk. The CVSSv3.1 base score is 4.3 (Medium) with network attack vector, low attack complexity, no privileges required, user interaction required. Impact notes indicate confidentiality and availability ...

4.3CVSS5.3AI score
Exploits0References1
Cvelist
Cvelist
added 9 hours ago9 views

CVE-2024-23570

HCL Aftermarket EPC is affected by clickjacking vulnerability Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in an iFrame on his malicious site. The attacker can then launch a Clickjacking attack, which may lead to Phishing, Cross-Site Request Forger...

4.3CVSS
Exploits0References1
Cvelist
Cvelist
added 9 hours ago10 views

CVE-2024-23578

HCL Aftermarket EPC is vulnerable to attack as the application implements an HTML5 cross-origin resource sharing CORS policy for this request that allows access from any domain -Wildcard...

4.2CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 9 hours ago3 views

CVE-2024-23578

HCL Aftermarket EPC is vulnerable to attack as the application implements an HTML5 cross-origin resource sharing CORS policy for this request that allows access from any domain -Wildcard...

4.2CVSS5.3AI score
Exploits0References2Affected Software1
CVE
CVE
added 9 hours ago6 views

CVE-2024-23578

CVE-2024-23578 affects HCL Aftermarket EPC. The issue stems from an HTML5 CORS policy that allows access from any origin, enabling cross-origin requests to the app’s endpoints. CVSSv3.1 metrics show a base score of 4.2 (Medium): Network, High attack complexity, No privileges required, User intera...

4.2CVSS5.3AI score
Exploits0References1
EUVD
EUVD
added 9 hours ago5 views

EUVD-2024-55670

HCL Aftermarket EPC is vulnerable to attack as the application implements an HTML5 cross-origin resource sharing CORS policy for this request that allows access from any domain -Wildcard...

4.2CVSS5.3AI score
Exploits0References1
Cvelist
Cvelist
added 9 hours ago10 views

CVE-2024-23569

HCL Aftermarket EPC is vulnerable to attack since the server is not configured with “X-XSS-Protection" header...

4.3CVSS
Exploits0References1
Rows per page
Query Builder