Skip to main content

HCL DFXAnalytics CVE-2026-35142

| EUVDEUVD-2026-44918 LOW
Information Exposure (CWE-200)
2026-07-16 HCL GHSA-xxvx-4jh7-w294
2.6
CVSS 3.1 · Vendor: HCL

Severity by source

Vendor (HCL) PRIMARY
2.6 LOW
AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
vuln.today AI
2.0 LOW

High privilege and explicit user interaction required to trigger disclosure; confidentiality rated Low for IP address leakage; no integrity or availability impact applies to this information-only disclosure.

3.1 AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
4.0 AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (HCL).

CVSS VectorVendor: HCL

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 16, 2026 - 13:46 vuln.today

DescriptionCVE.org

HCL DFXAnalytics is affected by an Internal IP Address Disclosure vulnerability. The application includes internal IP address details within its generated server responses, which could allow a remote attacker to gather sensitive network topology information and use it to map the internal infrastructure for further targeted attacks.

AnalysisAI

Internal IP address exposure in HCL DFXAnalytics allows remote attackers who have obtained high-privilege authenticated access to harvest internal network topology details from generated server responses. The application embeds private IP addresses directly in its output, violating the CWE-200 information boundary and enabling attackers to map internal infrastructure for follow-on targeted attacks. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Acquire high-privilege DFXAnalytics credentials
Delivery
Authenticate to network-accessible application
Exploit
Trigger privileged workflows producing server responses
Execution
Extract embedded internal IP addresses from responses
Persist
Correlate IPs to map internal network topology
Impact
Target internal infrastructure for follow-on attacks

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated session with high-privilege access to HCL DFXAnalytics (PR:H per the CVSS vector), high attack complexity (AC:H), and user interaction (UI:R), meaning passive credential theft alone is insufficient - the attacker must actively perform privileged application actions that generate the vulnerable responses. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N) yields a base score of 2.6, firmly in the Low range. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has compromised high-privilege credentials to HCL DFXAnalytics - either through phishing, credential stuffing, or insider access - triggers specific application actions that generate server responses containing embedded internal IP addresses. The attacker systematically records these addresses across multiple responses to enumerate internal subnets and application server clusters, then uses this topology map to identify and target internal hosts that would otherwise require active network scanning to discover.
Remediation Consult the HCL Software knowledge base article KB0131787 at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131787 for vendor-specific patching or configuration guidance; a confirmed fixed version number is not available from current data sources. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-56454 MEDIUM
5.9 Jul 16

TLS protocol downgrade exposure in HCL DFXAnalytics allows network-positioned attackers to intercept and decrypt sensiti

CVE-2026-56453 MEDIUM
5.5 Jul 16

Account takeover through HTTP response manipulation in HCL DFXAnalytics enables a network-positioned attacker to interce

CVE-2025-31970 MEDIUM
5.3 May 06

HCL DFXAnalytics fails to enforce strict Content-Security-Policy (CSP) directives for object-src and base-uri, enabling

CVE-2026-56456 MEDIUM
5.3 Jul 16

HCL DFXAnalytics exposes internal file system paths and directory structure through unhandled error messages, system log

CVE-2026-56455 MEDIUM
5.3 Jul 16

Stack-based buffer overflow in HCL DFXAnalytics allows remote unauthenticated attackers to crash or render the applicati

CVE-2025-59851 LOW
3.7 May 06

HCL DFXAnalytics contains unpatched third-party libraries with known vulnerabilities that could allow remote attackers w

CVE-2025-59852 LOW
3.7 May 06

HCL DFXAnalytics transmits sensitive data over the network without encryption, allowing network-positioned attackers to

CVE-2025-59854 LOW
3.1 May 06

HCL DFXAnalytics relies on the obsolete X-XSS-Protection security header instead of implementing a modern Content Securi

CVE-2025-59853 LOW
3.1 May 06

HCL DFXAnalytics exposes detailed stack traces in application responses due to improper error handling, allowing authent

CVE-2026-35145 LOW
3.1 Jul 16

Missing HSTS header in HCL DFXAnalytics exposes authenticated sessions to protocol downgrade and man-in-the-middle attac

CVE-2026-35143 LOW
3.0 Jul 16

Cross-Site Request Forgery exposure in HCL DFXAnalytics arises because session cookies generated during authentication a

CVE-2026-35140 LOW
3.0 Jul 16

HCL DFXAnalytics fails to set the 'secure' attribute on session cookies generated during authentication, enabling a netw

Share

CVE-2026-35142 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy