Email Flooding Vulnerability in HCL Aftermarket EPC
CVE-2024-23565

5.3MEDIUM

Key Information:

Vendor
CVE Published:
17 July 2026

What is CVE-2024-23565?

The HCL Aftermarket EPC is susceptible to an email flooding attack due to inadequate limitations on the number of emails sent through its Forget Password functionality. This vulnerability allows both human attackers and automated entities, such as bots or scripts, to exploit the system. By flooding the application with excessive emails, an attacker could disrupt services, lead to denial of service, and potentially affect the overall integrity of the application’s logic.

Affected Version(s)

Aftermarket EPC version 1.0.0

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.