CVE-2025-55271
Received
Received - Intake
HTTP Response Splitting in HCL Aftermarket DPC Enables Command Injection
Publication date: 2026-03-26
Last updated on: 2026-03-26
Assigner: HCL Software
Description
HCL Aftermarket DPC is affected by an HTTP Response Splitting vulnerability wherein, depending on how the web application handles the split response, an attacker may be able to execute arbitrary commands or inject harmful content into the response.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | aftermarket_cloud | 1.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-113 | The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in HCL Aftermarket DPC is an HTTP Response Splitting issue. This means that depending on how the web application processes the HTTP response, an attacker could manipulate the response by injecting malicious content or executing arbitrary commands.
How can this vulnerability impact me?
This vulnerability can allow an attacker to inject harmful content into the web application's HTTP response or execute arbitrary commands, potentially leading to security risks such as web cache poisoning, cross-site scripting, or other malicious activities.