Description
HCL Aftermarket DPC is affected by Improper Input Validation, which allows an attacker to inject executable code and carry out attacks such as XSS, SQL Injection, Command Injection, etc.
Published: 2026-03-26
Score: 3.5 Low
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability involves improper input validation that permits the injection of executable code, potentially enabling attackers to perform cross‑site scripting, SQL injection, and command injection attacks. These capabilities could allow an attacker to execute arbitrary commands or inject malicious scripts into the application environment.

Affected Systems

HCL Aftermarket DPC is affected by this flaw. No specific version numbers are listed in the advisory, but the vulnerability applies to the product identified as HCL Aftermarket DPC.

Risk and Exploitability

The CVSS score is 3.5, indicating low severity; EPSS data is unavailable and the issue is not listed in the KEV catalog. The likely attack vector appears to be through web‑based input fields, as the flaw involves input validation. While the risk score is low, the ability to inject executable code presents a non‑trivial security concern for systems running the affected product.

Generated by OpenCVE AI on March 26, 2026 at 21:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether a patch or newer release is available from HCL and apply it immediately.
  • If no patch is available, review the web input handling in HCL Aftermarket DPC to ensure all parameters are properly validated and sanitized.
  • Monitor application logs for signs of injection attempts and anomalous command execution.
  • Refer to the support article linked in the advisory for additional guidance on securing the application.


Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Hcl; Hcl aftermarket Dpc |
| Vendors & Products | | Hcl; Hcl aftermarket Dpc |

Thu, 26 Mar 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Hcltech; Hcltech aftermarket Cloud |
| CPEs | | cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:* |
| Vendors & Products | | Hcltech; Hcltech aftermarket Cloud |

Thu, 26 Mar 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 26 Mar 2026 13:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc. |
| Title | | HCL Aftermarket DPC is affected by Improper Input Validation |
| Weaknesses | | CWE-20 |
| References | | |
| Metrics | | cvssV3_1 {'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N'} |


Subscriptions

Hcl Aftermarket Dpc
Hcltech Aftermarket Cloud
MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-26T15:01:36.305Z

Reserved: 2025-08-12T07:00:17.741Z

Link: CVE-2025-55270

Vulnrichment

Updated: 2026-03-26T13:41:41.534Z

NVD

Status: Analyzed

Published: 2026-03-26T13:16:26.413

Modified: 2026-03-26T20:32:52.550

Link: CVE-2025-55270

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:28:31Z

Weaknesses