Lucky 13 Vulnerability in HCL Aftermarket EPC Product by HCL Technologies
CVE-2024-23573

3.7LOW

Key Information:

Vendor
CVE Published:
17 July 2026

What is CVE-2024-23573?

The vulnerability in HCL Aftermarket EPC arises from its support of outdated cryptographic protocols, exposing users to the Lucky 13 attack. This flaw can potentially allow an attacker to intercept and manipulate secure communications by exploiting weaknesses in the encryption mechanisms of TLS 1.1, 1.2, DTLS 1.0, and DTLS 1.2. The vulnerability also affects older versions, including SSL 3.0 and TLS 1.0, thereby elevating the risk of a man-in-the-middle attack, where an adversary could gain unauthorized access to sensitive information transmitted between clients and the server.

Affected Version(s)

Aftermarket EPC version 1.0.0

References

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.