Severity by source
AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
Replay attack demands MitM positioning (AC:H) but the attacker requires no privileges on the target application (PR:N); replayed session yields limited read/write access in another user's context (C:L, I:L, S:C).
Primary rating from Vendor (HCL).
CVSS VectorVendor: HCL
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
HCL DFXAnalytics is affected by a Login Replay Attack vulnerability. The application allows a remote attacker to intercept, delay, or fraudulently retransmit valid authentication data to achieve unauthorized access. To mitigate this risk, the application must implement a mechanism to include timestamps with every message, ensuring that messages exceeding a specific age threshold are automatically rejected by the recipient system.
AnalysisAI
Login replay vulnerability in HCL DFXAnalytics enables a remote attacker in a man-in-the-middle network position to capture and retransmit valid authentication messages, gaining unauthorized access as a legitimate user. The application lacks message-freshness enforcement - no timestamps or nonce mechanisms are applied to bound the validity window of authentication data, a design gap classified under CWE-294. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to occupy a man-in-the-middle network position between a legitimate DFXAnalytics user and the server - achievable via ARP spoofing on a shared LAN segment, a compromised upstream network device, or a rogue access point. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-assigned CVSS 2.6 (Low) accurately reflects the high exploitation barrier imposed by the combined vector: AC:H demands the attacker achieve a privileged network interception position, PR:H suggests elevated access requirements on the attacker side (though this metric choice is atypical for a capture-replay scenario - see confidence notes), UI:R requires that a legitimate user actively authenticate during the capture window, and C:N indicates no direct confidentiality exposure. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a man-in-the-middle position on the same network segment as a DFXAnalytics user - achieved, for example, via ARP cache poisoning on a shared enterprise LAN - intercepts the authentication exchange when the victim logs in. The attacker stores the captured authentication message and replays it to the DFXAnalytics server at a later time; because the application imposes no timestamp validation or nonce check, the server accepts the replayed data and establishes an authenticated session under the victim's identity. … |
| Remediation | Apply the update or configuration guidance detailed in HCL's advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131787; no specific patched version number has been confirmed from the available data, so customers should consult the advisory directly. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Dfxanalytics
View allTLS protocol downgrade exposure in HCL DFXAnalytics allows network-positioned attackers to intercept and decrypt sensiti
Account takeover through HTTP response manipulation in HCL DFXAnalytics enables a network-positioned attacker to interce
HCL DFXAnalytics fails to enforce strict Content-Security-Policy (CSP) directives for object-src and base-uri, enabling
HCL DFXAnalytics exposes internal file system paths and directory structure through unhandled error messages, system log
Stack-based buffer overflow in HCL DFXAnalytics allows remote unauthenticated attackers to crash or render the applicati
HCL DFXAnalytics contains unpatched third-party libraries with known vulnerabilities that could allow remote attackers w
HCL DFXAnalytics transmits sensitive data over the network without encryption, allowing network-positioned attackers to
HCL DFXAnalytics relies on the obsolete X-XSS-Protection security header instead of implementing a modern Content Securi
HCL DFXAnalytics exposes detailed stack traces in application responses due to improper error handling, allowing authent
Missing HSTS header in HCL DFXAnalytics exposes authenticated sessions to protocol downgrade and man-in-the-middle attac
Cross-Site Request Forgery exposure in HCL DFXAnalytics arises because session cookies generated during authentication a
HCL DFXAnalytics fails to set the 'secure' attribute on session cookies generated during authentication, enabling a netw
Same weakness CWE-294 – Authentication Bypass by Capture-replay
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44917
GHSA-3252-v85m-5fq8