Description
HCL Aftermarket DPC is affected by a Banner Disclosure vulnerability in which attackers gain insight into the system's software and version details, which would allow them to craft software-specific attacks.
Published: 2026-03-26
Score: 3.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The flaw in HCL Aftermarket DPC is a banner disclosure vulnerability that exposes detailed software and version information to unauthenticated users. By reading the banner, an attacker learns the exact product name and version, providing a foundation for more targeted exploits. This weakness is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).

Affected Systems

HCL Aftermarket DPC, version 1.0.0, is affected by this vulnerability.

Risk and Exploitability

The CVSS score of 3.1 suggests a low severity impact, and no EPSS score is available, indicating that exploitation probability has not been quantified. Based on the description, it is inferred that the banner is shown to unauthenticated users, meaning no authentication is required to obtain the disclosed information. The vulnerability is not listed in CISA's KEV catalog, implying no known widespread exploitation yet. Nevertheless, the disclosed product and version details could facilitate future attacks against the system.

Generated by OpenCVE AI on March 26, 2026 at 20:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest HCL Aftermarket DPC patch as released by the vendor.
  • If no patch is immediately available, block external connections to the service that returns the system banner using firewall rules or network segmentation.
  • Verify that the banner no longer displays product name or version details after remediation.


Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Hcl; Hcl aftermarket Dpc
Vendors & Products | | Hcl; Hcl aftermarket Dpc

Thu, 26 Mar 2026 19:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Hcltech; Hcltech aftermarket Cloud
CPEs | | cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*
Vendors & Products | | Hcltech; Hcltech aftermarket Cloud

Thu, 26 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Mar 2026 13:15:00 +0000

Type | Values Removed | Values Added
Description | | HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details which would allow them to craft software specific attacks.
Title | | HCL Aftermarket DPC is affected by Banner Disclosure vulnerability
Weaknesses | | CWE-200
References | |
Metrics | | cvssV3_1: {'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-26T15:01:48.559Z

Reserved: 2025-08-12T07:00:17.741Z

Link: CVE-2025-55272

Vulnrichment

Updated: 2026-03-26T13:42:19.271Z

NVD

Status: Analyzed

Published: 2026-03-26T13:16:26.720

Modified: 2026-03-26T19:43:11.207

Link: CVE-2025-55272

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:28:32Z

Weaknesses