Impact
HCL Aftermarket DPC contains a weak password policy that allows attackers to guess or brute‑force user credentials. The vulnerability can lead to unauthorized logins, enabling attackers to use the compromised accounts for further attacks or to access sensitive data. This weakness is classified as CWE-521. The CVSS score of 4.2 indicates a moderate severity. No further impact such as data exfiltration or remote code execution is documented.
Affected Systems
The affected product is Aftermarket DPC from the vendor HCL. No version range is provided in the CNA data. Users of any installation of this product should verify whether a current patch or security update addresses the weak password policy. If the exact version is unknown, all deployments of the product should be inspected for this configuration issue.
Risk and Exploitability
The CVSS score of 4.2 indicates that the vulnerability is moderate but can still enable attackers to obtain privileged access if passwords are weak. The EPSS score is not available, so the likelihood of exploitation cannot be quantified, and the vulnerability is not listed in the CISA KEV catalogue. Because the weakness is a password policy issue, the likely attack vector is remote: an attacker can launch a brute-force or credential-guessing attack against the login interface. The vulnerability does not require advanced privileges or system compromise to be exploited. It is therefore considered a low-to-moderate threat for systems that employ default or weak passwords.