Back to overview

CVE-2026-35148

MEDIUM
6.3
CVSS 3.1
Description
HCL DFXServer is affected by a Missing Access Control vulnerability. This vulnerability states that certain endpoints are accessible without any form of authentication in another browser. This allows any network user to invoke these APIs and interact with the application without verification of their identity or authorization level.

Metadata

CVE ID
CVE-2026-35148
State
PUBLISHED
Assigner
HCL
Reserved
2026-04-01 16:32 UTC
Published
2026-07-16 11:02 UTC
Last updated
2026-07-16 12:07 UTC
Primary CWE
CWE-284
CWE-284: Improper Access Control
Vendor / Product
HCL Software / DFXServer
Sources
cve.org  ·  NVD

Severity & Metrics

6.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
HCL Software DFXServer version 2.5 and below
Weakness (CWE)
CWESourceDescription
CWE-284 cna CWE-284: Improper Access Control
CVSS scores (1)
ScoreSeverityVersionSourceVector
6.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Back to overview