Description
HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to hijack or impersonate an admin user.
Published: 2026-03-26
Score: 3.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Session hijacking / admin impersonation
Action: Apply Patch
AI Analysis

Impact

The vulnerability is an Admin Session Concurrency flaw that lets an attacker exploit overlapping user sessions to hijack or impersonate an administrative user. Classified as CWE‑557, it reveals insecure handling of session identifiers. If exploited, the attacker gains administrative privileges, allowing full read, modify, or delete capabilities over system data, configurations, or settings. The CVSS score of 3.7 reflects a low‑to‑moderate risk, indicating the flaw is not trivial but could become serious in environments where administrator sessions are not tightly controlled.

Affected Systems

The affected product is HCL Aftermarket DPC version 1.0.0. No other vendors or versions are listed in the data.

Risk and Exploitability

With a CVSS score of 3.7 and an unavailable EPSS value, the exploitation likelihood is not high, but the attack may still succeed if an attacker can initiate or manage concurrent sessions. Once successful, the attacker attains full administrator permissions, potentially compromising confidentiality, integrity, and availability of the entire system. The vulnerability is not listed in the CISA KEV catalog, so no known public exploits are documented yet, but the potential impact warrants vigilance.

Generated by OpenCVE AI on March 26, 2026 at 21:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available HCL patch or update that addresses the Admin Session Concurrency issue
  • If no patch is available, limit the number of simultaneous sessions per user and enforce stricter session timeout policies
  • Disable or tightly restrict concurrent session capabilities for administrative accounts
  • Monitor admin accounts for abnormal login patterns and session spikes
  • Verify with HCL support for any interim workarounds or configuration guidance

Generated by OpenCVE AI on March 26, 2026 at 21:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Hcl
Hcl aftermarket Dpc
Vendors & Products Hcl
Hcl aftermarket Dpc

Thu, 26 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech aftermarket Cloud
CPEs cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*
Vendors & Products Hcltech
Hcltech aftermarket Cloud

Thu, 26 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Description HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to hijack or impersonate an admin user.
Title HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability
Weaknesses CWE-557
References
Metrics cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L'}

Subscriptions

Hcl Aftermarket Dpc
Hcltech Aftermarket Cloud
cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-26T13:21:32.798Z

Reserved: 2025-08-12T07:00:17.742Z

Link: CVE-2025-55275

cve-icon Vulnrichment

Updated: 2026-03-26T13:21:29.632Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T13:16:27.187

Modified: 2026-03-26T20:25:24.000

Link: CVE-2025-55275

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:28:36Z

Weaknesses