Caching Policy Flaw in HCL Aftermarket EPC Software
CVE-2024-23571

4.3MEDIUM

Key Information:

Vendor
CVE Published:
17 July 2026

What is CVE-2024-23571?

The HCL Aftermarket EPC application is exposed to security risks due to an inadequate caching policy that fails to properly define how and what information can be cached. This oversight may allow sensitive information from application responses to be stored in the local cache, potentially enabling unauthorized users on the same device to access this data at a later time. Proper caching mechanisms should be implemented to mitigate the risk of sensitive information leakage.

Affected Version(s)

Aftermarket EPC version 1.0.0

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.