CVE-2025-55266
Received
Received - Intake
Session Fixation in HCL Aftermarket DPC Enables Unauthorized Transactions
Publication date: 2026-03-26
Last updated on: 2026-03-26
Assigner: HCL Software
Description
Description
HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf of the user.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | aftermarket_cloud | 1.0.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-384 | Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Session Fixation issue in HCL Aftermarket DPC. It allows an attacker to take over a user's session, enabling the attacker to perform unauthorized transactions on behalf of the user.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can hijack a user's session and carry out unauthorized transactions, potentially leading to unauthorized actions being performed without the user's consent.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70