🔴 《严重安全漏洞:CVE-2024-23564》

CVSS 评分: 严重(9.1)  状态: Received  发布时间: 2026-07-17


漏洞描述

HCL Aftermarket EPC is affected by Business Logic Vulnerability using which a non valid user of the application can obtain passwords from the server and redirect them to their own email address by manipulating the server's response. The application includes checks in the initial requests to verify the validity of the provided UserId, but similar validation is not applied to Email requests when sending passwords to user emails.


🔍 技术细节

字段
CVE ID CVE-2024-23564
CVSS 评分 9.1 🔴
严重程度 严重
CVSS 向量 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE 分类 CWE-326
发布时间 2026-07-17
最后更新 2026-07-17
状态 Received
数据来源 psirt@hcl.com

🔗 参考链接