HCL Aftermarket DPC versions up to 1.0.0 contain an admin session concurrency vulnerability that allows authenticated attackers with low privileges to hijack or impersonate administrator sessions through exploitation of improper concurrent session handling. The vulnerability requires user interaction and has moderate attack complexity, resulting in partial confidentiality and availability impact. No public exploit has been identified at time of analysis, and CISA has not listed this in the KEV catalog, indicating limited real-world exploitation pressure despite the administrative access implications.