Description
HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application.
Published: 2026-03-26
Score: 2.6 Low
EPSS: < 1% Very Low
KEV: No
Impact: Potential exploitation via outdated components
Action: Update
AI Analysis

Impact

HCL Aftermarket DPC is vulnerable because it incorporates components that are known to be outdated or vulnerable, a weakness represented by the Use of Vulnerable/Outdated Versions flaw. An attacker could leverage publicly available exploits for those components and craft attacks that target the application itself. The impact could include loss of system functionality and possible exposure of organizational data. This flaw is classified as CWE‑1104.

Affected Systems

The affected product is HCL Aftermarket DPC, version 1.0.0 and earlier releases that contain the vulnerable components. The product is distributed by HCL Technologies and delivered as a cloud‑based service, potentially impacting any deployment of this application.

Risk and Exploitability

The CVSS score of 2.6 indicates low to moderate severity. EPSS data is not available, so the prevalence of active exploitation cannot be determined, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is remote, using exposed application interfaces to trigger known exploits against the underlying components. Overall risk remains low to moderate unless a high‑impact exploit is discovered for the specific component version in use.

Generated by OpenCVE AI on March 26, 2026 at 21:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the exact version of Aftermarket DPC that is deployed
  • Consult the HCL support portal for any patches or updated releases
  • Apply the latest patch or upgrade to a non‑vulnerable release
  • Restart any affected services or the entire application as required
  • Monitor the application logs for unusual activity and confirm the vulnerability is remediated

Generated by OpenCVE AI on March 26, 2026 at 21:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Hcl
Hcl aftermarket Dpc
Vendors & Products Hcl
Hcl aftermarket Dpc

Thu, 26 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech aftermarket Cloud
CPEs cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*
Vendors & Products Hcltech
Hcltech aftermarket Cloud

Thu, 26 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Description HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application.
Title HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability
Weaknesses CWE-1104
References
Metrics cvssV3_1

{'score': 2.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N'}

Subscriptions

Hcl Aftermarket Dpc
Hcltech Aftermarket Cloud
cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-26T13:22:15.944Z

Reserved: 2025-08-12T07:00:17.742Z

Link: CVE-2025-55277

cve-icon Vulnrichment

Updated: 2026-03-26T13:22:12.492Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T13:16:27.487

Modified: 2026-03-26T20:23:30.913

Link: CVE-2025-55277

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:28:38Z

Weaknesses