Back to overview

CVE-2024-23577

MEDIUM
4.3
CVSS 3.1
Description
HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header poisoning, server misconfigurations.

Metadata

CVE ID
CVE-2024-23577
State
PUBLISHED
Assigner
HCL
Reserved
2024-01-18 07:29 UTC
Published
2026-07-17 13:46 UTC
Last updated
2026-07-17 15:21 UTC
Primary CWE
CWE-20
CWE-20: Improper Input Validation
Vendor / Product
HCLSoftware / Aftermarket EPC
Sources
cve.org  ·  NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
HCLSoftware Aftermarket EPC version 1.0.0
Weakness (CWE)
CWESourceDescription
CWE-20 cna CWE-20: Improper Input Validation
CVSS scores (1)
ScoreSeverityVersionSourceVector
4.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Back to overview