Skip to main content

HCL DFXAnalytics CVE-2026-56453

| EUVDEUVD-2026-44921 MEDIUM
Authentication Bypass by Capture-replay (CWE-294)
2026-07-16 HCL GHSA-c44q-ff9x-p4wj
5.5
CVSS 3.1 · Vendor: HCL
Share

Severity by source

Vendor (HCL) PRIMARY
5.5 MEDIUM
AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
vuln.today AI
7.7 HIGH

Account takeover yields full C:H/I:H on victim account; A:N because availability is not impacted by response manipulation; all other metrics match exploitation prerequisites confirmed by description and CVSS vector.

3.1 AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
4.0 AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (HCL).

CVSS VectorVendor: HCL

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jul 16, 2026 - 13:47 vuln.today

DescriptionCVE.org

HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach the client application, allowing them to manipulate the authentication or authorization logic to bypass controls and gain unauthorized access to targeted user accounts.

AnalysisAI

Account takeover through HTTP response manipulation in HCL DFXAnalytics enables a network-positioned attacker to intercept and alter server responses before they reach the client, subverting authentication and authorization decisions enforced client-side. The product, identified via CPE cpe:2.3:a:hcl_software:dfxanalytics:*:*:*:*:*:*:*:*, appears to trust server-provided authentication outcomes without cryptographic integrity protection, allowing a low-privileged adversary-in-the-middle to gain unauthorized access to arbitrary user accounts. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Establish MITM position via ARP spoof or rogue routing
Delivery
Wait for victim user to authenticate to DFXAnalytics
Exploit
Intercept HTTP response from server in transit
Install
Modify auth or role fields in response body
C2
Forward altered response to client application
Execute
Client trusts manipulated response and grants elevated access
Impact
Attacker controls targeted user account

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to occupy an adversary-in-the-middle (AiTM) network position on the path between the victim client and the HCL DFXAnalytics server - either via ARP spoofing, rogue routing, DNS manipulation, or a compromised network appliance. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The composite risk picture is moderate-to-low for opportunistic attackers but meaningful for targeted attacks. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-privilege network access positions themselves between a legitimate user and the DFXAnalytics server - for example via ARP spoofing on a shared VLAN or by compromising a network device. When the victim authenticates, the attacker intercepts the server's HTTP response indicating authentication failure or a low-privilege role and replaces those fields with values indicating success or administrative access. …
Remediation The primary remediation is to apply the patch or configuration fix detailed in HCL's advisory KB0131787 at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131787; an exact patched version number was not available in the provided intelligence and must be confirmed from that source. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-56454 MEDIUM
5.9 Jul 16

TLS protocol downgrade exposure in HCL DFXAnalytics allows network-positioned attackers to intercept and decrypt sensiti

CVE-2025-31970 MEDIUM
5.3 May 06

HCL DFXAnalytics fails to enforce strict Content-Security-Policy (CSP) directives for object-src and base-uri, enabling

CVE-2026-56456 MEDIUM
5.3 Jul 16

HCL DFXAnalytics exposes internal file system paths and directory structure through unhandled error messages, system log

CVE-2026-56455 MEDIUM
5.3 Jul 16

Stack-based buffer overflow in HCL DFXAnalytics allows remote unauthenticated attackers to crash or render the applicati

CVE-2025-59851 LOW
3.7 May 06

HCL DFXAnalytics contains unpatched third-party libraries with known vulnerabilities that could allow remote attackers w

CVE-2025-59852 LOW
3.7 May 06

HCL DFXAnalytics transmits sensitive data over the network without encryption, allowing network-positioned attackers to

CVE-2025-59854 LOW
3.1 May 06

HCL DFXAnalytics relies on the obsolete X-XSS-Protection security header instead of implementing a modern Content Securi

CVE-2025-59853 LOW
3.1 May 06

HCL DFXAnalytics exposes detailed stack traces in application responses due to improper error handling, allowing authent

CVE-2026-35145 LOW
3.1 Jul 16

Missing HSTS header in HCL DFXAnalytics exposes authenticated sessions to protocol downgrade and man-in-the-middle attac

CVE-2026-35143 LOW
3.0 Jul 16

Cross-Site Request Forgery exposure in HCL DFXAnalytics arises because session cookies generated during authentication a

CVE-2026-35140 LOW
3.0 Jul 16

HCL DFXAnalytics fails to set the 'secure' attribute on session cookies generated during authentication, enabling a netw

CVE-2026-35142 LOW
2.6 Jul 16

Internal IP address exposure in HCL DFXAnalytics allows remote attackers who have obtained high-privilege authenticated

Share

CVE-2026-56453 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy