Back to overview

CVE-2026-35141

LOW
2.6
CVSS 3.1
Description
HCL DFXAnalytics is affected by a Login Replay Attack vulnerability. The application allows a remote attacker to intercept, delay, or fraudulently retransmit valid authentication data to achieve unauthorized access. To mitigate this risk, the application must implement a mechanism to include timestamps with every message, ensuring that messages exceeding a specific age threshold are automatically rejected by the recipient system.

Metadata

CVE ID
CVE-2026-35141
State
PUBLISHED
Assigner
HCL
Reserved
2026-04-01 16:31 UTC
Published
2026-07-16 12:59 UTC
Last updated
2026-07-16 14:16 UTC
Primary CWE
CWE-294
CWE-294: Authentication Bypass by Capture-replay
Vendor / Product
HCL Software / DFXAnalytics
Sources
cve.org  ·  NVD

Severity & Metrics

2.6 LOW CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
HCL Software DFXAnalytics version 3.0 and below
Weakness (CWE)
CWESourceDescription
CWE-294 cna CWE-294: Authentication Bypass by Capture-replay
CVSS scores (1)
ScoreSeverityVersionSourceVector
2.6 LOW 3.1 cna CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
Back to overview