Skip to main content

HCL DFXAnalytics CVE-2026-35141

| EUVDEUVD-2026-44917 LOW
Authentication Bypass by Capture-replay (CWE-294)
2026-07-16 HCL GHSA-3252-v85m-5fq8
2.6
CVSS 3.1 · Vendor: HCL

Severity by source

Vendor (HCL) PRIMARY
2.6 LOW
AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
vuln.today AI
4.7 MEDIUM

Replay attack demands MitM positioning (AC:H) but the attacker requires no privileges on the target application (PR:N); replayed session yields limited read/write access in another user's context (C:L, I:L, S:C).

3.1 AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (HCL).

CVSS VectorVendor: HCL

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 16, 2026 - 13:46 vuln.today

DescriptionCVE.org

HCL DFXAnalytics is affected by a Login Replay Attack vulnerability. The application allows a remote attacker to intercept, delay, or fraudulently retransmit valid authentication data to achieve unauthorized access. To mitigate this risk, the application must implement a mechanism to include timestamps with every message, ensuring that messages exceeding a specific age threshold are automatically rejected by the recipient system.

AnalysisAI

Login replay vulnerability in HCL DFXAnalytics enables a remote attacker in a man-in-the-middle network position to capture and retransmit valid authentication messages, gaining unauthorized access as a legitimate user. The application lacks message-freshness enforcement - no timestamps or nonce mechanisms are applied to bound the validity window of authentication data, a design gap classified under CWE-294. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain MitM position on network segment
Delivery
Wait for legitimate user authentication event
Exploit
Intercept authentication message in transit
Execution
Capture credential or session token
Persist
Replay captured data to DFXAnalytics server
Impact
Obtain unauthorized session as victim user

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to occupy a man-in-the-middle network position between a legitimate DFXAnalytics user and the server - achievable via ARP spoofing on a shared LAN segment, a compromised upstream network device, or a rogue access point. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-assigned CVSS 2.6 (Low) accurately reflects the high exploitation barrier imposed by the combined vector: AC:H demands the attacker achieve a privileged network interception position, PR:H suggests elevated access requirements on the attacker side (though this metric choice is atypical for a capture-replay scenario - see confidence notes), UI:R requires that a legitimate user actively authenticate during the capture window, and C:N indicates no direct confidentiality exposure. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a man-in-the-middle position on the same network segment as a DFXAnalytics user - achieved, for example, via ARP cache poisoning on a shared enterprise LAN - intercepts the authentication exchange when the victim logs in. The attacker stores the captured authentication message and replays it to the DFXAnalytics server at a later time; because the application imposes no timestamp validation or nonce check, the server accepts the replayed data and establishes an authenticated session under the victim's identity. …
Remediation Apply the update or configuration guidance detailed in HCL's advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131787; no specific patched version number has been confirmed from the available data, so customers should consult the advisory directly. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-56454 MEDIUM
5.9 Jul 16

TLS protocol downgrade exposure in HCL DFXAnalytics allows network-positioned attackers to intercept and decrypt sensiti

CVE-2026-56453 MEDIUM
5.5 Jul 16

Account takeover through HTTP response manipulation in HCL DFXAnalytics enables a network-positioned attacker to interce

CVE-2025-31970 MEDIUM
5.3 May 06

HCL DFXAnalytics fails to enforce strict Content-Security-Policy (CSP) directives for object-src and base-uri, enabling

CVE-2026-56456 MEDIUM
5.3 Jul 16

HCL DFXAnalytics exposes internal file system paths and directory structure through unhandled error messages, system log

CVE-2026-56455 MEDIUM
5.3 Jul 16

Stack-based buffer overflow in HCL DFXAnalytics allows remote unauthenticated attackers to crash or render the applicati

CVE-2025-59851 LOW
3.7 May 06

HCL DFXAnalytics contains unpatched third-party libraries with known vulnerabilities that could allow remote attackers w

CVE-2025-59852 LOW
3.7 May 06

HCL DFXAnalytics transmits sensitive data over the network without encryption, allowing network-positioned attackers to

CVE-2025-59854 LOW
3.1 May 06

HCL DFXAnalytics relies on the obsolete X-XSS-Protection security header instead of implementing a modern Content Securi

CVE-2025-59853 LOW
3.1 May 06

HCL DFXAnalytics exposes detailed stack traces in application responses due to improper error handling, allowing authent

CVE-2026-35145 LOW
3.1 Jul 16

Missing HSTS header in HCL DFXAnalytics exposes authenticated sessions to protocol downgrade and man-in-the-middle attac

CVE-2026-35143 LOW
3.0 Jul 16

Cross-Site Request Forgery exposure in HCL DFXAnalytics arises because session cookies generated during authentication a

CVE-2026-35140 LOW
3.0 Jul 16

HCL DFXAnalytics fails to set the 'secure' attribute on session cookies generated during authentication, enabling a netw

Share

CVE-2026-35141 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy