Description
HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how the web application handles the split response, an attacker may be able to execute arbitrary commands or inject harmful content into the response..
Published: 2026-03-26
Score: 3.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: Command injection and potential arbitrary code execution via HTTP Response Splitting
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a classic HTTP Response Splitting flaw (CWE‑113). A crafted request could cause the application to split the response header and body, enabling an attacker to inject arbitrary content or execute commands on the server. The impact ranges from data exfiltration through injected payloads to hostile command execution if the application processes the split response incorrectly.

Affected Systems

The affected product is HCL Aftermarket DPC (HCL Aftermarket Cloud) version 1.0.0. The single identified version in the CPE list confirms that the 1.0.0 release is vulnerable.

Risk and Exploitability

The CVSS score of 3.1 indicates low overall severity, and the vulnerability is not listed in the CISA KEV catalog. The risk is primarily derived from the ability of an external attacker to send a malicious HTTP request to the affected endpoint. Exploitation requires no privileged credentials and can be performed over the public network if the application is exposed. The absence of an EPSS score limits quantitative risk modeling, but the potential for arbitrary command execution makes it advisable to remediate promptly.

Generated by OpenCVE AI on March 26, 2026 at 21:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch or upgrade to a version of HCL Aftermarket DPC that addresses HTTP Response Splitting
  • Verify the patch by checking the application’s version information
  • If an immediate patch is not possible, restrict inbound traffic to the application to trusted IP ranges only
  • Monitor logs for abnormal response headers or evidence of response splitting attempts
  • Review the vendor support page (https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793) for additional guidance

Generated by OpenCVE AI on March 26, 2026 at 21:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Hcl
Hcl aftermarket Dpc
Vendors & Products Hcl
Hcl aftermarket Dpc

Thu, 26 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech aftermarket Cloud
CPEs cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*
Vendors & Products Hcltech
Hcltech aftermarket Cloud

Thu, 26 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Description HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how the web application handles the split response, an attacker may be able to execute arbitrary commands or inject harmful content into the response..
Title HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability
Weaknesses CWE-113
References
Metrics cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N'}

Subscriptions

Hcl Aftermarket Dpc
Hcltech Aftermarket Cloud
cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-26T15:01:42.798Z

Reserved: 2025-08-12T07:00:17.741Z

Link: CVE-2025-55271

cve-icon Vulnrichment

Updated: 2026-03-26T13:42:04.639Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T13:16:26.567

Modified: 2026-03-26T20:31:41.110

Link: CVE-2025-55271

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:28:31Z

Weaknesses