HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to hijack or impersonate an admin user.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:LHcltech Aftermarket Cloud
APPHcltech1.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2025-55261HIGH8.1ten sam produkt
HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escala...
CVE-2025-55263HIGH7.3ten sam produkt
HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source...
CVE-2025-55262HIGH8.3ten sam produkt
HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrie...
CVE-2025-55265MEDIUM6.5ten sam produkt
HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensi...
CVE-2025-55264MEDIUM5.5ten sam produkt
HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to acc...