Description
HCL Aftermarket DPC is affected by a Spamming Vulnerability that can allow an actor to perform excessive spamming, which can consume server bandwidth and processing resources and may lead to Denial of Service.
Published: 2026-03-26
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

A user can trigger excessive spamming traffic against HCL Aftermarket DPC, causing the system to consume considerable bandwidth and processing resources. The resulting resource exhaustion impairs normal service operation and can make the application unavailable to legitimate users. The weakness is classified as CWE-799 (Improper Control of Interaction Frequency): the application does not adequately limit how often an actor can perform an action.

Affected Systems

The vulnerability affects HCL Aftermarket DPC version 1.0.0, per the vendor and product names in the CNA listing.

Risk and Exploitability

The CVSS score of 4.3 denotes a moderate level of severity. While no EPSS score is provided, the lack of an exploitable code example suggests that the exploitability relies mainly on the ability to send high‑volume spam traffic to the target. Inferred from the description, the attack vector is likely through the network, requiring only basic network access to the affected service. The vulnerability is not present in the CISA KEV catalog. Given these factors, effective exploitation would involve flooding the target with malicious or high‑volume requests, leading to denial of service.

Generated by OpenCVE AI on March 26, 2026 at 22:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available patch or update released by HCL for Aftermarket DPC.
  • Consult the HCL support article (KB0129793) for recommended configuration or mitigation guidance.
  • If a patch is not yet available, enforce network-level controls such as rate limiting or traffic shaping to mitigate excessive request volumes.
  • Monitor inbound traffic for abnormal spikes and consider scaling bandwidth or computing resources to absorb potential flooding attacks.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Hcl; Hcl aftermarket Dpc
Vendors & Products | | Hcl; Hcl aftermarket Dpc

Thu, 26 Mar 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Hcltech; Hcltech aftermarket Cloud
CPEs | | cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*
Vendors & Products | | Hcltech; Hcltech aftermarket Cloud

Thu, 26 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 13:15:00 +0000

Type | Values Removed | Values Added
Description | | HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources which may lead to Denial of Service.
Title | | HCL Aftermarket DPC is affected by Spamming Vulnerability
Weaknesses | | CWE-799
References | |
Metrics | | cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}

MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-26T15:01:19.996Z

Reserved: 2025-08-12T06:59:56.644Z

Link: CVE-2025-55268

Vulnrichment

Updated: 2026-03-26T13:40:08.486Z

NVD

Status: Analyzed

Published: 2026-03-26T13:16:26.103

Modified: 2026-03-26T20:34:20.690

Link: CVE-2025-55268

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:28:29Z

Weaknesses