CVE-2024-23568
Received Received - Intake

Information Disclosure in HCL Aftermarket EPC

Vulnerability report for CVE-2024-23568, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: HCL Software

Description

HCL Aftermarket EPC is vulnerable to attacks since the server software version used by the application is revealed by the web server. Displaying version information of software could allow an attacker to determine which vulnerabilities are present in the software, particularly if an outdated software version is in use with published vulnerabilities.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
hcl aftermarket_epc *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

HCL Aftermarket EPC reveals the server software version through the web server. This allows attackers to identify potential vulnerabilities in the software, especially if an outdated version with known issues is being used.

Detection Guidance

Check web server responses for exposed version information in HTTP headers or error pages. Use tools like curl to inspect headers: curl -I http://target-server. Look for server software version details in responses.

Impact Analysis

An attacker could use the disclosed version information to find and exploit known vulnerabilities in the software, potentially leading to unauthorized access, data breaches, or service disruptions.

Mitigation Strategies

Disable server version disclosure in web server configurations. For Apache, set ServerTokens Prod and ServerSignature Off. For Nginx, remove or modify server_tokens directive. Update HCL Aftermarket EPC to the latest version if available.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-23568. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart