CVE-2024-23571
Received Received - Intake

Information Disclosure in HCL Aftermarket EPC Due to Improper Caching

Vulnerability report for CVE-2024-23571, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: HCL Software

Description

HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
hcl aftermarket_epc *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-525 The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

HCL Aftermarket EPC lacks an appropriate caching policy, allowing sensitive information in application responses to be stored in the local cache. This could be accessed by other users with access to the same computer later.

Impact Analysis

If you use a shared computer, attackers or other users might retrieve cached sensitive data from the application, potentially exposing personal or confidential information.

Compliance Impact

This vulnerability could lead to unauthorized access to sensitive data, violating GDPR (data protection) and HIPAA (health information privacy) requirements for secure data handling and storage.

Mitigation Strategies

Configure proper caching policies for HCL Aftermarket EPC to prevent sensitive information from being stored in local cache. Ensure responses and form fields are not cached by browsers or proxies.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-23571. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart