Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Primary rating from Vendor (HCL) · only source for this CVE.
CVSS VectorVendor: HCL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
HCL DFXServer is affected by a Broken Authentication vulnerability via direct API access. The application fails to verify the user's authentication status when accessing specific API endpoints, allowing an unauthenticated attacker to interact with the APIs and perform unauthorized actions without valid credentials.
AnalysisAI
Authentication bypass in HCL DFXServer allows remote unauthenticated attackers to reach specific API endpoints directly and perform unauthorized actions without valid credentials, because the application never verifies authentication status on those routes. The primary impact is high confidentiality exposure with limited integrity impact (CVSS 8.2), and the flaw was self-reported by HCL. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours, identify and inventory all HCL DFXServer instances in your environment and document their network exposure and connected data classification. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Authentication bypass in HCL DFXServer lets an unauthenticated remote attacker intercept and tamper with the server's au
Unauthenticated API access in HCL DFXServer exposes application endpoints to any network-reachable user without identity
HCL DFXServer permits client connections over plaintext HTTP, exposing all transmitted data to interception by any attac
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44908
GHSA-36pf-7582-rqcr