Description
HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data.
Published: 2026-03-26
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Patch
AI Analysis

Impact

The vulnerability in HCL Aftermarket DPC is a missing functional level access control flaw. This flaw allows an attacker to increase their privileges within the application. As a result, an attacker could gain unauthorized access to the system, potentially compromising the application and gaining the ability to steal or manipulate data. The weakness is categorized as CWE-284.

Affected Systems

The affected product is HCL Aftermarket DPC, a cloud-based aftermarket service platform by HCL Tech. No specific version ranges are supplied; the vulnerability was identified for the product as a whole.

Risk and Exploitability

The CVSS base score of 8.1 indicates high severity, reflecting the potential for privilege escalation. The EPSS score is not provided, and the vulnerability is not listed in the CISA KEV catalog. The lack of a publicly available exploit does not rule out the possibility of exploitation via web interfaces or API calls, so the attack vector is inferred to be remote, through accepted authentication channels.

Generated by OpenCVE AI on March 26, 2026 at 21:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch for HCL Aftermarket DPC as released by HCL.
  • If a patch is not yet available, restrict or disable unnecessary functional-level features.
  • Enforce least‑privilege and role‑based access controls to limit user permissions.
  • Monitor system logs for suspicious access attempts and perform regular security reviews.

Generated by OpenCVE AI on March 26, 2026 at 21:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Hcl
Hcl aftermarket Dpc
Vendors & Products Hcl
Hcl aftermarket Dpc

Thu, 26 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech aftermarket Cloud
CPEs cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*
Vendors & Products Hcltech
Hcltech aftermarket Cloud

Thu, 26 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data.
Title HCL Aftermarket DPC is affected by Missing Functional Level Access Control
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H'}

Subscriptions

Hcl Aftermarket Dpc
Hcltech Aftermarket Cloud
cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-26T14:58:51.799Z

Reserved: 2025-08-12T06:59:56.644Z

Link: CVE-2025-55261

cve-icon Vulnrichment

Updated: 2026-03-26T14:58:42.712Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T14:16:07.710

Modified: 2026-03-26T20:01:57.193

Link: CVE-2025-55261

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:28:20Z

Weaknesses