HTML5 CORS Policy Vulnerability in HCL Aftermarket EPC
CVE-2024-23578
4.2MEDIUM
What is CVE-2024-23578?
The HCL Aftermarket EPC application is susceptible to exploitation due to a misconfigured HTML5 CORS policy that grants access from any domain. This lax security measure can result in unauthorized third-party access, facilitating attacks such as data leakage or other malicious activities. Users of the application should prioritize reviewing their CORS settings and applying appropriate restrictions to mitigate potential risks. For further assistance, refer to the HCL support documentation.
Affected Version(s)
Aftermarket EPC version 1.0.0
