45 matches found
CVE-2024-23578
HCL Aftermarket EPC is vulnerable to attack as the application implements an HTML5 cross-origin resource sharing CORS policy for this request that allows access from any domain -Wildcard...
CVE-2024-42214
HCL Aftermarket EPC is vulnerable to attack since HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides a list of the methods that are supported by the Web server which allows an attacker to narrow and intensify their efforts...
CVE-2024-23569
HCL Aftermarket EPC is vulnerable to attack since the server is not configured with “X-XSS-Protection" header...
CVE-2024-23570
HCL Aftermarket EPC is affected by clickjacking vulnerability Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in an iFrame on his malicious site. The attacker can then launch a Clickjacking attack, which may lead to Phishing, Cross-Site Request Forger...
CVE-2024-23572
HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...
CVE-2024-23574
HCL Aftermarket EPC is vulnerable to attack since It was found that a malicious actor can use brute-force techniques to either guess or confirm valid users in the system. Use renumeration is when a malicious actor can use brute-force techniques to either guess or confirm valid users in a system...
CVE-2024-23575
HCL Aftermarket EPC is vulnerable to attack since the application returns detailed error messages that leak information about the processing on the server. An attacker may use the contents of error messages to help launch another ,more focused attack...
CVE-2024-23564
HCL Aftermarket EPC is affected by Business Logic Vulnerability using which a non valid user of the application can obtain passwords from the server and redirect them to their own email address by manipulating the server's response. The application includes checks in the initial requests to verif...
CVE-2024-23565
HCL Aftermarket EPC is vulnerable to email flooding as the application does not have a proper mail limitation mechanism at Forget Password functionality. The actor could b e a human or an automated process such as a virus or bot. This could be used to cause a denial of service, compromise program...
CVE-2024-23567
HCL Aftermarket EPC is affected by Sensitive Information in GET method & in URL which allows application to pass sensitive data via URL parameters during normal usage. Data passed in this manner can be exposed because it may end up stored in unintended locations, including server logs, local...
CVE-2024-23572
CVE-2024-23572 affects HCL Aftermarket EPC. The issue is described as a vulnerability where a cookie appears to contain a session token, suggesting a potential risk depending on cookie contents and function. The provided metrics indicate a CVSS v3.1 base score of 4.2 (Medium) with AV:N, AC:H, PR:...
CVE-2024-23572
HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...
CVE-2024-23570
HCL Aftermarket EPC is affected by clickjacking vulnerability Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in an iFrame on his malicious site. The attacker can then launch a Clickjacking attack, which may lead to Phishing, Cross-Site Request Forger...
CVE-2024-23570
CVE-2024-23570 affects HCL Aftermarket EPC and describes a clickjacking/Cross-Frame Scripting risk. The CVSSv3.1 base score is 4.3 (Medium) with network attack vector, low attack complexity, no privileges required, user interaction required. Impact notes indicate confidentiality and availability ...
CVE-2024-23570
HCL Aftermarket EPC is affected by clickjacking vulnerability Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in an iFrame on his malicious site. The attacker can then launch a Clickjacking attack, which may lead to Phishing, Cross-Site Request Forger...
CVE-2024-23578
HCL Aftermarket EPC is vulnerable to attack as the application implements an HTML5 cross-origin resource sharing CORS policy for this request that allows access from any domain -Wildcard...
CVE-2024-23578
HCL Aftermarket EPC is vulnerable to attack as the application implements an HTML5 cross-origin resource sharing CORS policy for this request that allows access from any domain -Wildcard...
CVE-2024-23578
CVE-2024-23578 affects HCL Aftermarket EPC. The issue stems from an HTML5 CORS policy that allows access from any origin, enabling cross-origin requests to the app’s endpoints. CVSSv3.1 metrics show a base score of 4.2 (Medium): Network, High attack complexity, No privileges required, User intera...
EUVD-2024-55670
HCL Aftermarket EPC is vulnerable to attack as the application implements an HTML5 cross-origin resource sharing CORS policy for this request that allows access from any domain -Wildcard...
CVE-2024-23569
HCL Aftermarket EPC is vulnerable to attack since the server is not configured with “X-XSS-Protection" header...