Description
HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the application.
Published: 2026-05-06
Score: 3.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a "Using Components with Known Vulnerabilities" flaw in HCL DFXAnalytics. The application embeds third‑party libraries or sub‑components that have not been patched. An attacker who can identify these publicly known security issues may be able to exploit them to gain unauthorized access or compromise the application, potentially leading to data exfiltration or further lateral movement. Additionally, this flaw aligns with CWE‑1395 and includes an unspecified other CWE entry (NVD-CWE-noinfo).

Affected Systems

HCL DFXAnalytics is the affected product. No specific version information is listed, indicating that any release built with unpatched libraries may be susceptible.

Risk and Exploitability

The CVSS score of 3.7 places the vulnerability in the Low severity range. The EPSS score is 0.00033, indicating a very low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog, but the presence of known component weaknesses means that a determined adversary could exploit the flaw if the vulnerable library is accessible. The primary weakness is reflected by CWE‑1395 and includes an unspecified other CWE entry (NVD-CWE-noinfo), suggesting that the issue arises from improper handling of configuration or validation of third‑party components.

Generated by OpenCVE AI on May 7, 2026 at 22:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade HCL DFXAnalytics to the latest release that resolves the component vulnerability.
  • Replace or update all referenced third‑party libraries to the latest patched versions.
  • Run a vulnerability assessment to confirm that all dependencies are free of known exploits.

Advisories

No advisories yet.

History

Thu, 07 May 2026 21:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Hcl; Hcl dfxanalytics |
| Vendors & Products | | Hcl; Hcl dfxanalytics |

Thu, 07 May 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Hcltech; Hcltech dfxanalytics |
| Weaknesses | | NVD-CWE-noinfo |
| CPEs | | cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:* |
| Vendors & Products | | Hcltech; Hcltech dfxanalytics |

Wed, 06 May 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Wed, 06 May 2026 10:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the application. |
| Title | | HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability |
| Weaknesses | | CWE-1395 |
| References | | |
| Metrics | | cvssV3_1: {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'} |

MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-05-06T14:05:59.667Z

Reserved: 2025-09-22T14:59:58.052Z

Link: CVE-2025-59851

Vulnrichment

Updated: 2026-05-06T13:42:27.523Z

NVD

Status: Analyzed

Published: 2026-05-06T11:16:04.440

Modified: 2026-05-07T20:04:10.620

Link: CVE-2025-59851

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T22:15:06Z