CVE-2025-55264

all versions

HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, th

5.5MEDIUM

CVE-2025-55263

all versions

HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or if it is st

7.3HIGH

CVE-2025-55262

all versions

HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensitive informa

8.3HIGH

CVE-2025-55261

all versions

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges an

8.1HIGH

CVE-2025-55277

all versions

HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the e

2.6LOW

CVE-2025-55276

all versions

HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a clearer map of the organization’s

3.1LOW

CVE-2025-55275

all versions

HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions

3.7LOW

CVE-2025-55274

all versions

HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the exposure of se

2.6LOW

CVE-2025-55273

all versions

HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using external scripts can tamper w

4.3MEDIUM

CVE-2025-55272

all versions

HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s software and

3.1LOW

CVE-2025-55271

all versions

HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how the web application handles the

3.1LOW

CVE-2025-55270

all versions

HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out

3.5LOW

CVE-2025-55269

all versions

HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords

4.2MEDIUM

CVE-2025-55268

all versions

HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandw

4.3MEDIUM

CVE-2025-55267

all versions

HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts

5.7MEDIUM

CVE-2025-55266

all versions

HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unau

5.9MEDIUM

CVE-2025-55265

all versions

HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensitive files present i

6.5MEDIUM