CVE-2026-56453
MEDIUM
5.5
CVSS 3.1
Description
HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach the client application, allowing them to manipulate the authentication or authorization logic to bypass controls and gain unauthorized access to targeted user accounts.
Metadata
Severity & Metrics
5.5
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| HCL Software | DFXAnalytics | — | version 3.0 and below |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-294 | cna | CWE-294: Exposure of Sensitive Information to an Unauthorized Actor |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 5.5 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L |