CVE-2024-23573
Received Received - Intake

Lucky 13 Attack in HCL Aftermarket EPC

Vulnerability report for CVE-2024-23573, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: HCL Software

Description

HCL Aftermarket EPC is vulnerable to attack since the Application is vulnerable to Lucky 13. that makes the SS LLUCKY13 possible affects the TLS1.1and 1.2 and DTLS1.0 or 1.2 implementations . It also affects previous versions such as SSL3.0 and TLS1.0. This can also be considered a type of man-in-the-middle attack.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
hcl aftermarket_epc to 1.3.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-425 The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

HCL Aftermarket EPC is vulnerable to Lucky 13 attack, which exploits weaknesses in TLS 1.1, TLS 1.2, DTLS 1.0, and DTLS 1.2 implementations. This allows a man-in-the-middle attacker to decrypt sensitive data by manipulating timing differences in cryptographic operations.

Impact Analysis

This vulnerability may allow attackers to intercept and decrypt sensitive communications, potentially exposing confidential data such as credentials or personal information transmitted over affected TLS/DTLS connections.

Mitigation Strategies

Disable TLS 1.1 and 1.2, as well as DTLS 1.0 and 1.2 if possible. Upgrade to TLS 1.3 which is not affected by Lucky 13. Apply patches from HCL if available.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-23573. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart