Host Header Injection Vulnerability in HCL Aftermarket EPC
CVE-2024-23577

4.3MEDIUM

Key Information:

Vendor
CVE Published:
17 July 2026

What is CVE-2024-23577?

The HCL Aftermarket EPC application is susceptible to host header injection due to insufficient validation of the HOST header in HTTP requests. This flaw allows attackers to manipulate the host header, potentially leading to severe security implications such as Host header poisoning and server misconfigurations. Unvalidated input can permit malicious requests, affecting the application's integrity and availability.

Affected Version(s)

Aftermarket EPC version 1.0.0

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.