CVE-2024-23566
MEDIUM
6.5
CVSS 3.1
Description
HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration
Metadata
Severity & Metrics
6.5
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| HCLSoftware | Aftermarket EPC | — | version 1.0.0 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-804 | cna | CWE-804: Guessable CAPTCHA |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.5 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |