Description
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information.
Published: 2026-05-06
Score: 3.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an insufficient transport layer protection flaw in HCL DFXAnalytics. Data transmitted over the network is not encrypted, allowing an attacker to intercept or tamper with traffic. This can lead to the compromise of confidentiality, integrity, and authentication of sensitive information. The weakness is classified as CWE‑319 (Cleartext Transmission of Sensitive Information).

Affected Systems

The affected product is HCL DFXAnalytics. No specific version details are listed, so all deployments running the unencrypted transport configuration could be impacted. Administrators should verify whether their instance is configured to use secure transport (TLS/SSL) before assessing risk.

Risk and Exploitability

The CVSS score of 3.7 indicates low severity. No EPSS score is available, and the vulnerability is not listed in CISA's KEV catalog. The attack vector is likely network‑based; a remote adversary who can observe or modify traffic between the client and DFXAnalytics could exploit the lack of encryption. Exploitation requires no special credentials and can affect any user session that transmits data unencrypted.

Generated by OpenCVE AI on May 6, 2026 at 11:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Configure DFXAnalytics to use TLS/SSL for all inbound and outbound network connections.
  • Apply any vendor‑issued updates that add or enforce secure transport wherever possible.
  • If a patch is not yet available, restrict network access to the application and consider deploying a VPN or dedicated secure tunnel for all traffic.
  • Regularly monitor network traffic for signs of interception or tampering.

Advisories

No advisories yet.

History

Thu, 07 May 2026 21:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Hcl, Hcl dfxanalytics |
| Vendors & Products | | Hcl, Hcl dfxanalytics |

Thu, 07 May 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Hcltech, Hcltech dfxanalytics |
| CPEs | | cpe:2.3:a:hcltech:dfxanalytics:*:*:*:*:*:*:*:* |
| Vendors & Products | | Hcltech, Hcltech dfxanalytics |

Wed, 06 May 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Wed, 06 May 2026 10:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information. |
| Title | | HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability |
| Weaknesses | | CWE-319 |
| References | | |
| Metrics | | cvssV3_1: {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N'} |

MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-05-06T13:22:27.255Z

Reserved: 2025-09-22T14:59:58.052Z

Link: CVE-2025-59852

Vulnrichment

Updated: 2026-05-06T13:21:40.490Z

NVD

Status: Analyzed

Published: 2026-05-06T11:16:04.560

Modified: 2026-05-07T20:03:28.500

Link: CVE-2025-59852

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T21:25:47Z
