Sensitive Information Exposure in HCL Aftermarket EPC
CVE-2024-23567

4.3MEDIUM

Key Information:

Vendor
CVE Published:
17 July 2026

What is CVE-2024-23567?

HCL Aftermarket EPC is susceptible to a vulnerability that allows sensitive data to be transmitted via URL parameters. This can result in exposure of confidential information due to it being stored in various locations like server logs, browser history, and proxy logs. As a result, attackers may be able to access sensitive data that users assume is secure, making it critical for organizations to review their configurations and implement safeguards against this type of data exposure.

Affected Version(s)

Aftermarket EPC version 1.0.0

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.