Description
HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a clearer map of the organization’s network layout.
Published: 2026-03-26
Score: 3.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: Internal IP exposure
Action: Patch immediately
AI Analysis

Impact

The flaw in HCL Aftermarket DPC allows attackers to learn the internal IP addresses used within an organisation, effectively mapping the network. This exposure compromises confidentiality by revealing sensitive infrastructure details that can be leveraged for further attacks. The weakness is classified as CWE‑200 (Information Exposure).

Affected Systems

The vulnerability affects HCL Aftermarket DPC version 1.0.0. Systems running this product should verify that they are running the affected version and assess any risk of exposure.

Risk and Exploitability

The CVSS score of 3.1 indicates a low‑to‑moderate severity. EPSS data is not available, so the probability of exploitation is uncertain, and the flaw is not listed in the CISA KEV catalog. Likely exploitation would occur via exposed web or application interfaces that allow an attacker to retrieve internal IP addresses. The exact attack vector is not specified in the advisory, so the information is inferred from the nature of the disclosure.

Generated by OpenCVE AI on March 26, 2026 at 21:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check HCL support portal or contact HCL directly for the security update that fixes the internal IP disclosure flaw.
  • Apply the vendor-supplied patch as soon as it is available to eliminate the vulnerability.
  • Limit external exposure of management interfaces and API endpoints that reveal internal network information, ensuring only trusted users can access them.

Generated by OpenCVE AI on March 26, 2026 at 21:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Hcl
Hcl aftermarket Dpc
Vendors & Products Hcl
Hcl aftermarket Dpc

Thu, 26 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech aftermarket Cloud
CPEs cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*
Vendors & Products Hcltech
Hcltech aftermarket Cloud

Thu, 26 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Description HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a clearer map of the organization’s network layout.
Title HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L'}

Subscriptions

Hcl Aftermarket Dpc
Hcltech Aftermarket Cloud
cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-26T13:21:57.622Z

Reserved: 2025-08-12T07:00:17.742Z

Link: CVE-2025-55276

cve-icon Vulnrichment

Updated: 2026-03-26T13:21:54.379Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T13:16:27.343

Modified: 2026-03-26T20:08:16.807

Link: CVE-2025-55276

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:28:37Z

Weaknesses