CVE-2024-23564
The CVE-2024-23564 entry concerns HCL Aftermarket EPC and describes a Business Logic Vulnerability where a non-valid user can obtain passwords from the server and have them redirected to their own email by manipulating the server response. The root cause, as stated, is that the system validates U...