HCL Aftermarket DPC Failure to Invalidate Session on Password Change Vulnerability Allowing Account Takeover

Vulnerability

A vulnerability exists in HCL Aftermarket DPC due to a failure to properly invalidate sessions when a password is changed. This oversight allows an attacker to retain access to a user's session, enabling them to maintain control over the account even after the password has been updated, potentially leading to unauthorized actions on behalf of the user.

Impact

Exploitation of this vulnerability can result in unauthorized account access and control, allowing an attacker to perform actions on behalf of the user.
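The flaw class described above and one common fix, as an added example; this is not HCL Aftermarket DPC code, and the `SessionStore` class, its methods and the user name are hypothetical. Each session records a per-user credential version that a password change increments, so sessions issued under the old password stop validating.

```python
import secrets

# Hypothetical example, not HCL Aftermarket DPC code.
class SessionStore:
    """In-memory session store; sessions are bound to a per-user credential version."""

    def __init__(self, revoke_on_password_change=True):
        self.revoke_on_password_change = revoke_on_password_change
        self.cred_version = {}   # user -> counter bumped on every password change
        self.sessions = {}       # token -> (user, credential version at issue time)

    def issue_session(self, user):
        # Called only after the user has authenticated successfully.
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, self.cred_version.setdefault(user, 0))
        return token

    def on_password_changed(self, user, keep_token=None):
        if not self.revoke_on_password_change:
            return  # vulnerable behaviour: existing sessions are left untouched
        # Bump the version so every session issued under the old password goes stale.
        self.cred_version[user] = self.cred_version.get(user, 0) + 1
        if keep_token in self.sessions and self.sessions[keep_token][0] == user:
            # Re-bind only the session that performed the change.
            self.sessions[keep_token] = (user, self.cred_version[user])

    def validate(self, token):
        entry = self.sessions.get(token)
        if entry is None:
            return None
        user, issued_version = entry
        if issued_version != self.cred_version.get(user, 0):
            del self.sessions[token]   # stale: issued before the last password change
            return None
        return user


def stolen_session_survives(revoke_on_password_change):
    """Return True if a session opened before the change still validates after it."""
    store = SessionStore(revoke_on_password_change)
    attacker_held = store.issue_session("alice")   # constructed: session held by a third party
    owner = store.issue_session("alice")           # the legitimate user's session
    store.on_password_changed("alice", keep_token=owner)
    assert store.validate(owner) == "alice"        # the user who changed it stays logged in
    return store.validate(attacker_held) == "alice"
```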

Added: Mar 26, 2026, 2:27 PM
Updated: Mar 26, 2026, 2:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 4.8
remediation: 0.0
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.