Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-23573

Summary
Assigner-HCL
Assigner Org ID-1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At-17 Jul, 2026 | 13:42
Updated At-17 Jul, 2026 | 15:17
Rejected At-
Credits

HCL Aftermarket EPC is vulnerable to attack since the Application is vulnerable to Lucky 13. that makes the SS LLUCKY13 possible affects the TLS1.1and 1.2 and DTLS1.0 or 1.2 implementations . It also affects previous versions such as SSL3.0 and TLS1.0. This can also be considered a type of man-in-the-middle attack.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:HCL
Assigner Org ID:1e47fe04-f25f-42fa-b674-36de2c5e3cfc
Published At:17 Jul, 2026 | 13:42
Updated At:17 Jul, 2026 | 15:17
Rejected At:
▼CVE Numbering Authority (CNA)

HCL Aftermarket EPC is vulnerable to attack since the Application is vulnerable to Lucky 13. that makes the SS LLUCKY13 possible affects the TLS1.1and 1.2 and DTLS1.0 or 1.2 implementations . It also affects previous versions such as SSL3.0 and TLS1.0. This can also be considered a type of man-in-the-middle attack.

Affected Products
Vendor
HCLSoftware
Product
Aftermarket EPC
Default Status
unaffected
Versions
Affected
  • version 1.0.0
Problem Types
TypeCWE IDDescription
CWECWE-425CWE-425: Direct Request (Forced Browsing)
Type: CWE
CWE ID: CWE-425
Description: CWE-425: Direct Request (Forced Browsing)
Metrics
VersionBase scoreBase severityVector
3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294
N/A
Hyperlink: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@hcl.com
Published At:17 Jul, 2026 | 14:17
Updated At:17 Jul, 2026 | 16:17

HCL Aftermarket EPC is vulnerable to attack since the Application is vulnerable to Lucky 13. that makes the SS LLUCKY13 possible affects the TLS1.1and 1.2 and DTLS1.0 or 1.2 implementations . It also affects previous versions such as SSL3.0 and TLS1.0. This can also be considered a type of man-in-the-middle attack.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-425Secondarypsirt@hcl.com
CWE ID: CWE-425
Type: Secondary
Source: psirt@hcl.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294psirt@hcl.com
N/A
Hyperlink: https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0132294
Source: psirt@hcl.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

8Records found

CVE-2026-21762
Matching Score-8
Assigner-HCL Software
ShareView Details
Matching Score-8
Assigner-HCL Software
CVSS Score-3.7||LOW
EPSS-Not Assigned
Published-17 Jul, 2026 | 17:10
Updated-17 Jul, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing HTTP Security Headers in DevOps Loop

HCL DevOps Loop is affected by missing HTTP security headers. Missing security headers may reduce browser protections against common web-based attacks such as clickjacking, MIME-type sniffing, and cross-site scripting.

Action-Not Available
Vendor-HCLSoftware
Product-DevOps Loop
CWE ID-CWE-644
Improper Neutralization of HTTP Headers for Scripting Syntax
CVE-2025-62328
Matching Score-8
Assigner-HCL Software
ShareView Details
Matching Score-8
Assigner-HCL Software
CVSS Score-3.7||LOW
EPSS-0.24% / 15.55%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 22:04
Updated-12 Mar, 2026 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Nomad server on Domino is affected by a missing default frame-ancestors directive

HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors.

Action-Not Available
Vendor-HCLSoftware
Product-Nomad server on Domino
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2025-31958
Matching Score-8
Assigner-HCL Software
ShareView Details
Matching Score-8
Assigner-HCL Software
CVSS Score-3.7||LOW
EPSS-0.18% / 7.44%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 13:59
Updated-22 Apr, 2026 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling

HCL BigFix Service Management is susceptible to HTTP Request Smuggling.  HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking.

Action-Not Available
Vendor-HCLSoftwareHCL Technologies Ltd.
Product-bigfix_service_managementBigFix Service Management (SM)
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2026-21760
Matching Score-6
Assigner-HCL Software
ShareView Details
Matching Score-6
Assigner-HCL Software
CVSS Score-4.6||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 17:06
Updated-17 Jul, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthorized Access to Admin Functionality via Forced Browsing

HCL DevOps Loop is affected by an Unauthorized Access to Admin Functionality (Forced Browsing) vulnerability. Improper authorization checks may allow unauthorized users to access restricted administrative functionality by directly accessing protected application endpoints.

Action-Not Available
Vendor-HCLSoftware
Product-DevOps Loop
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2025-14697
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.28% / 19.86%
||
7 Day CHG+0.01%
Published-15 Dec, 2025 | 02:02
Updated-15 Dec, 2025 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shenzhen Sixun Software Sixun Shanghui Group Business Management System ExportFiles file access

A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may be launched remotely. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Shenzhen Sixun Software
Product-Sixun Shanghui Group Business Management System
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2025-15153
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.43% / 34.74%
||
7 Day CHG~0.00%
Published-28 Dec, 2025 | 20:32
Updated-24 Feb, 2026 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PbootCMS SQLite Database pbootcms.db file access

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been made available to the public and could be used for attacks. Modifying the configuration settings is advised.

Action-Not Available
Vendor-pbootcmsn/a
Product-pbootcmsPbootCMS
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2025-11280
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.45% / 36.02%
||
7 Day CHG~0.00%
Published-05 Oct, 2025 | 03:32
Updated-07 Oct, 2025 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe LMS Assignment Picture files direct request

A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. It is advisable to upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.

Action-Not Available
Vendor-frappeFrappe
Product-learningLMS
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2024-11049
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.42% / 34.36%
||
7 Day CHG~0.00%
Published-10 Nov, 2024 | 05:31
Updated-23 Nov, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZKTeco ZKBio Time Image File photo direct request

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-ZKTeco Co., Ltd.
Product-zkbio_timeZKBio Timezkbio_time
CWE ID-CWE-425
Direct Request ('Forced Browsing')
Details not found