Session Token Vulnerability in HCL Aftermarket EPC
CVE-2024-23572

4.2MEDIUM

Key Information:

Vendor
CVE Published:
17 July 2026

What is CVE-2024-23572?

The HCL Aftermarket EPC software is exposed to a potential vulnerability stemming from insecure cookie handling, specifically related to session tokens. Malicious actors may exploit this vulnerability to hijack user sessions and gain unauthorized access to sensitive data and functionalities. It's crucial for users to review and secure cookie contents to safeguard against such risks.

Affected Version(s)

Aftermarket EPC version 1.0.0

References

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.