CVE-2025-55261

HCL Aftermarket DPC is affected by Missing Functional Level Access Control

CVSS 8.1 HIGH · EPSS 0.3% · CWE-284
In short

HCL Aftermarket DPC lacks proper access controls at the functional level, allowing attackers to gain unauthorized privileges and access or modify sensitive data within the application.

Technical detail

Missing functional-level access control in HCL Aftermarket DPC enables privilege escalation attacks where authenticated or unauthenticated users can bypass authorization checks to access restricted features. The vulnerability permits unauthorized data exfiltration and modification, compromising data integrity and confidentiality.

Summary generated and translated by AI from the official description.
HCL Aftermarket DPC is affected by Missing Functional Level Access Control, which will allow an attacker to escalate his privileges and may compromise the application and may steal and manipulate the data.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Affected products
HCL · Aftermarket DPC
