Caching Policy Flaw in HCL Aftermarket EPC Software
CVE-2024-23571
4.3MEDIUM
What is CVE-2024-23571?
The HCL Aftermarket EPC application is exposed to security risks due to an inadequate caching policy that fails to properly define how and what information can be cached. This oversight may allow sensitive information from application responses to be stored in the local cache, potentially enabling unauthorized users on the same device to access this data at a later time. Proper caching mechanisms should be implemented to mitigate the risk of sensitive information leakage.
Affected Version(s)
Aftermarket EPC version 1.0.0
