CVE-2025-55266
HCL Aftermarket DPC is affected by Session Fixation
In short
HCL Aftermarket DPC has a flaw that lets an attacker hijack a user's active session and perform unauthorized transactions on their behalf. This happens because the application does not issue a fresh session identifier after login, so a session identifier known before authentication remains valid afterwards.
Technical detail
Session fixation vulnerability in HCL Aftermarket DPC allows an attacker to force a victim to use a pre-set session identifier, enabling unauthorized transactions. The attacker can set up a session, trick the user into authenticating within it, and then use the same session ID to impersonate the authenticated user without credentials.
Summary generated and translated by AI from the official description.
HCL Aftermarket DPC is affected by Session Fixation, which allows an attacker to take over the user's session and use it to carry out unauthorized transactions on behalf of the user.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
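The root cause described above is a session identifier that survives authentication. As an added illustration (not HCL code; the page does not describe the product's internals), the constructed `SessionStore` below shows the difference between a login handler that keeps the pre-login identifier and one that rotates it: only the rotating variant leaves a previously known identifier useless after the user signs in. `fixation_check` and all names are hypothetical.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Session:
    user: Optional[str] = None  # None until the user has authenticated


class SessionStore:
    """Minimal server-side session store (constructed example)."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self) -> str:
        """Issue an anonymous session with an unpredictable identifier."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session()
        return sid

    def authenticate(self, sid: str, user: str, regenerate: bool) -> str:
        """Mark the session as logged in and return the identifier the
        client must use from now on. regenerate=False reproduces the
        fixation-prone behaviour; regenerate=True is the mitigation."""
        if sid not in self._sessions:
            sid = self.create()
        if not regenerate:
            self._sessions[sid].user = user   # pre-login identifier stays valid
            return sid
        self._sessions.pop(sid)               # invalidate pre-login identifier
        new_sid = secrets.token_urlsafe(32)   # bind the login to a fresh one
        self._sessions[new_sid] = Session(user=user)
        return new_sid

    def user_for(self, sid: str) -> Optional[str]:
        session = self._sessions.get(sid)
        return session.user if session else None


def fixation_check(regenerate: bool) -> bool:
    """Return True when an identifier known before login still resolves to the
    authenticated user afterwards, i.e. when the store is fixation-prone."""
    store = SessionStore()
    pre_login_sid = store.create()          # identifier known before authentication
    post_login_sid = store.authenticate(pre_login_sid, "alice", regenerate)
    assert store.user_for(post_login_sid) == "alice"   # login itself always works
    return store.user_for(pre_login_sid) == "alice"
```

A practical check for a deployed application is the same: capture the session cookie before login, authenticate, and confirm the server has issued a different value.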
Affected products
HCL · Aftermarket DPC