CVE-2025-55271

HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability

CVSS 3.1 LOW · EPSS 0.3% · CWE-113
In short

HCL Aftermarket DPC has a vulnerability where attackers can insert malicious content into HTTP responses by manipulating how the application handles data. This could allow them to inject harmful code or commands that users' browsers might execute.

Technical detail

An HTTP Response Splitting vulnerability in HCL Aftermarket DPC allows attackers to inject arbitrary content into HTTP response headers or body by exploiting improper input validation. An attacker can craft malicious requests to split the response stream, potentially leading to arbitrary command execution or content injection depending on application-specific response handling. The attack vector is network-based; per the CVSS 3.1 vector below, attack complexity is high and user interaction is required, and the overall severity is LOW.

Summary generated and translated by AI from the official description.
HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability wherein depending on how the web application handles the split response, an attacker may be able to execute arbitrary commands or inject harmful content into the response.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Affected products
HCL · Aftermarket DPC
