🔴 严重 | CVE-2024-23564 — HCL Aftermarket EPC is affected by Business Logic ...
🔴 《严重安全漏洞:CVE-2024-23564》
CVSS 评分: 严重(9.1) 状态: Received 发布时间: 2026-07-17
漏洞描述
HCL Aftermarket EPC is affected by Business Logic Vulnerability using which a non valid user of the application can obtain passwords from the server and redirect them to their own email address by manipulating the server's response. The application includes checks in the initial requests to verify the validity of the provided UserId, but similar validation is not applied to Email requests when sending passwords to user emails.
🔍 技术细节
| 字段 | 值 |
|---|---|
| CVE ID | CVE-2024-23564 |
| CVSS 评分 | 9.1 🔴 |
| 严重程度 | 严重 |
| CVSS 向量 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| CWE 分类 | CWE-326 |
| 发布时间 | 2026-07-17 |
| 最后更新 | 2026-07-17 |
| 状态 | Received |
| 数据来源 | psirt@hcl.com |
🔗 参考链接
💬 评论