CVE-2024-23565
Received Received - Intake

Email Flooding Vulnerability in HCL Aftermarket EPC

Vulnerability report for CVE-2024-23565, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: HCL Software

Description

HCL Aftermarket EPC is vulnerable to email flooding as the application does not have a proper mail limitation mechanism at Forget Password functionality. The actor could b e a human or an automated process such as a virus or bot. This could be used to cause a denial of service, compromise program logic or other consequences.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
hcl aftermarket_epc *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-799 The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

HCL Aftermarket EPC is vulnerable to email flooding due to a lack of proper mail limitation in the Forget Password functionality. This allows attackers, human or automated, to send excessive emails causing denial of service or compromising program logic.

Detection Guidance

To detect this vulnerability, monitor for unusual spikes in email traffic originating from the HCL Aftermarket EPC system, particularly targeting the 'Forget Password' functionality. Check for excessive password reset requests or failed login attempts that may indicate automated exploitation.

Impact Analysis

This vulnerability could lead to denial of service by overwhelming the system with emails, disrupting normal operations. It may also allow attackers to manipulate program logic for unintended behavior.

Compliance Impact

This vulnerability could potentially impact compliance with GDPR and HIPAA by enabling denial-of-service attacks that disrupt system availability. GDPR requires organizations to implement measures to ensure the availability of personal data processing systems, while HIPAA mandates safeguards against disruptions that could compromise protected health information. The lack of mail limitation in the Forget Password functionality may lead to service disruptions, affecting compliance with these regulations.

Mitigation Strategies

Implement rate limiting on the 'Forget Password' endpoint to prevent abuse. Configure email throttling to restrict the number of reset requests per user or IP address. Review and update firewall rules to block suspicious traffic patterns targeting this functionality.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-23565. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart