CVE-2024-23571
Received
Received - Intake
Information Disclosure in HCL Aftermarket EPC Due to Improper Caching
Vulnerability report for CVE-2024-23571, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-17
Last updated on: 2026-07-17
Assigner: HCL Software
Description
Description
HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcl | aftermarket_epc | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-525 | The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached. |