Hcltech: >> Aftermarket Cloud >> 1.0.0 Security Vulnerabilities
HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or if it is stored in insecure repositories, they can easily retrieve these hardcoded secrets.
CVSS Score
7.3
Published
2026-03-26
HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover.
CVSS Score
5.5
Published
2026-03-26
HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data.
CVSS Score
8.1
Published
2026-03-26
HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensitive information from the database.
CVSS Score
8.3
Published
2026-03-26
HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the exposure of sensitive user information to attackers, unauthorized access to APIs, and possible data manipulation or leakage. If an attacker to exploit CORS misconfiguration, they could steal sensitive data, perform actions on behalf of a legitimate user.
CVSS Score
2.6
Published
2026-03-26
HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to hijack or impersonate an admin user.
CVSS Score
3.7
Published
2026-03-26
HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a clearer map of the organization’s network layout.
CVSS Score
3.1
Published
2026-03-26
HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application.
CVSS Score
2.6
Published
2026-03-26
HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources which may lead to Denial of Service.
CVSS Score
4.3
Published
2026-03-26
HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts.
CVSS Score
4.2
Published
2026-03-26
Page 1