Hcltech Aftermarket Cloud — known CVE vulnerabilities
Every CVE whose affected-product data names Hcltech Aftermarket Cloud, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2025-55262 — CVSS 8.3 (high): HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensitive information from…
CVE-2025-55261 — CVSS 8.1 (high): HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may…
CVE-2025-55263 — CVSS 7.3 (high): HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or if it is stored in…
CVE-2025-55265 — CVSS 6.5 (medium): HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensitive files present in the…
CVE-2025-55266 — CVSS 5.9 (medium): HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized…
CVE-2025-55267 — CVSS 5.7 (medium): HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining…
CVE-2025-55264 — CVSS 5.5 (medium): HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they…
CVE-2025-55273 — CVSS 4.3 (medium): HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the…
CVE-2025-55268 — CVSS 4.3 (medium): HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and…
CVE-2025-55269 — CVSS 4.2 (medium): HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use…
CVE-2025-55275 — CVSS 3.7 (low): HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to…
CVE-2025-55270 — CVSS 3.5 (low): HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks…
CVE-2025-55276 — CVSS 3.1 (low): HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a clearer map of the organization’s network…
CVE-2025-55272 — CVSS 3.1 (low): HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s software and version…
CVE-2025-55271 — CVSS 3.1 (low): HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how the web application handles the split…
CVE-2025-55274 — CVSS 2.6 (low): HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the exposure of sensitive…
CVE-2025-55277 — CVSS 2.6 (low): HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits…