Back to overview

CVE-2024-23575

MEDIUM
5.3
CVSS 3.1
Description
HCL Aftermarket EPC is vulnerable to attack since the application returns detailed error messages that leak information about the processing on the server. An attacker may use the contents of error messages to help launch another ,more focused attack.

Metadata

CVE ID
CVE-2024-23575
State
PUBLISHED
Assigner
HCL
Reserved
2024-01-18 07:29 UTC
Published
2026-07-17 13:43 UTC
Last updated
2026-07-17 15:19 UTC
Primary CWE
CWE-209
CWE-209: Generation of Error Message Containing Sensitive In…
Vendor / Product
HCLSoftware / Aftermarket EPC
Sources
cve.org  ·  NVD

Severity & Metrics

5.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
HCLSoftware Aftermarket EPC version 1.0.0
Weakness (CWE)
CWESourceDescription
CWE-209 cna CWE-209: Generation of Error Message Containing Sensitive Information
CVSS scores (1)
ScoreSeverityVersionSourceVector
5.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Back to overview