HTML5 CORS Policy Vulnerability in HCL Aftermarket EPC
CVE-2024-23578

4.2MEDIUM

Key Information:

Vendor
CVE Published:
17 July 2026

What is CVE-2024-23578?

The HCL Aftermarket EPC application is susceptible to exploitation due to a misconfigured HTML5 CORS policy that grants access from any domain. This lax security measure can result in unauthorized third-party access, facilitating attacks such as data leakage or other malicious activities. Users of the application should prioritize reviewing their CORS settings and applying appropriate restrictions to mitigate potential risks. For further assistance, refer to the HCL support documentation.

Affected Version(s)

Aftermarket EPC version 1.0.0

References

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.