Back to overview

CVE-2024-23571

MEDIUM
4.3
CVSS 3.1
Description
HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Metadata

CVE ID
CVE-2024-23571
State
PUBLISHED
Assigner
HCL
Reserved
2024-01-18 07:29 UTC
Published
2026-07-17 13:42 UTC
Last updated
2026-07-17 15:18 UTC
Primary CWE
CWE-525
CWE-525: Use of Web Browser Cache of Sensitive Information
Vendor / Product
HCLSoftware / Aftermarket EPC
Sources
cve.org  ·  NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
HCLSoftware Aftermarket EPC version 1.0.0
Weakness (CWE)
CWESourceDescription
CWE-525 cna CWE-525: Use of Web Browser Cache of Sensitive Information
CVSS scores (1)
ScoreSeverityVersionSourceVector
4.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Back to overview