Clickjacking Vulnerability in HCL Aftermarket EPC
CVE-2024-23570

4.3MEDIUM

Key Information:

Vendor
CVE Published:
17 July 2026

What is CVE-2024-23570?

HCL Aftermarket EPC is susceptible to a clickjacking vulnerability, which allows attackers to exploit the application via Cross-Frame Scripting. This technique permits an attacker to embed the vulnerable site within an iFrame on a malicious web page. Consequently, unsuspecting users may be tricked into performing actions they did not intend, resulting in potential risks such as phishing, unauthorized data access, and Cross-Site Request Forgery (CSRF). It's essential for users of HCL Aftermarket EPC to remain vigilant and implement necessary mitigations to safeguard against these types of attacks.

Affected Version(s)

Aftermarket EPC version 1.0.0

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.