Lucky 13 Vulnerability in HCL Aftermarket EPC Product by HCL Technologies
CVE-2024-23573
3.7LOW
What is CVE-2024-23573?
The vulnerability in HCL Aftermarket EPC arises from its support of outdated cryptographic protocols, exposing users to the Lucky 13 attack. This flaw can potentially allow an attacker to intercept and manipulate secure communications by exploiting weaknesses in the encryption mechanisms of TLS 1.1, 1.2, DTLS 1.0, and DTLS 1.2. The vulnerability also affects older versions, including SSL 3.0 and TLS 1.0, thereby elevating the risk of a man-in-the-middle attack, where an adversary could gain unauthorized access to sensitive information transmitted between clients and the server.
Affected Version(s)
Aftermarket EPC version 1.0.0
