Hclsoftware Aftermarket Epc
14 CVEs affecting Hclsoftware Aftermarket Epc. Latest disclosed: 2026-07-17. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-23566 | Medium | 6.5 | 2026-07-17 | HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute… |
CVE-2024-42214 | Medium | 5.3 | 2026-07-17 | HCL Aftermarket EPC is vulnerable to attack since HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides a list of the methods that are… |
CVE-2024-23575 | Medium | 5.3 | 2026-07-17 | HCL Aftermarket EPC is vulnerable to attack since the application returns detailed error messages that leak information about the processing on the server. An… |
CVE-2024-23574 | Medium | 5.3 | 2026-07-17 | HCL Aftermarket EPC is vulnerable to attack since It was found that a malicious actor can use brute-force techniques to either guess or confirm valid users in… |
CVE-2024-23568 | Medium | 5.3 | 2026-07-17 | HCL Aftermarket EPC is vulnerable to attacks since the server software version used by the application is revealed by the web server. Displaying version inform… |
CVE-2024-23565 | Medium | 5.3 | 2026-07-17 | HCL Aftermarket EPC is vulnerable to email flooding as the application does not have a proper mail limitation mechanism at Forget Password functionality. The a… |
CVE-2024-23577 | Medium | 4.3 | 2026-07-17 | HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol… |
CVE-2024-23571 | Medium | 4.3 | 2026-07-17 | HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its f… |
CVE-2024-23570 | Medium | 4.3 | 2026-07-17 | HCL Aftermarket EPC is affected by clickjacking vulnerability Cross-Frame Scripting is an attack technique where an attacker loads a vulnerable application in… |
CVE-2024-23569 | Medium | 4.3 | 2026-07-17 | HCL Aftermarket EPC is vulnerable to attack since the server is not configured with “X-XSS-Protection" header |
CVE-2024-23567 | Medium | 4.3 | 2026-07-17 | HCL Aftermarket EPC is affected by Sensitive Information in GET method & in URL which allows application to pass sensitive data via URL parameters during norma… |
CVE-2024-23578 | Medium | 4.2 | 2026-07-17 | HCL Aftermarket EPC is vulnerable to attack as the application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows acc… |
CVE-2024-23572 | Medium | 4.2 | 2026-07-17 | HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should re… |
CVE-2024-23573 | Low | 3.7 | 2026-07-17 | HCL Aftermarket EPC is vulnerable to attack since the Application is vulnerable to Lucky 13. that makes the SS LLUCKY13 possible affects the TLS1.1and 1.2 and… |