Skip to main content

HCL DFXAnalytics EUVDEUVD-2026-44923

| CVE-2026-56455 MEDIUM
Stack-based Buffer Overflow (CWE-121)
2026-07-16 HCL GHSA-c4fr-5qh5-c6fh
5.3
CVSS 3.1 · Vendor: HCL
Share

Severity by source

Vendor (HCL) PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
vuln.today AI
5.3 MEDIUM

Network-reachable input endpoint requires no authentication; impact is solely process crash with no code execution, data exposure, or integrity loss.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (HCL).

CVSS VectorVendor: HCL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jul 16, 2026 - 13:48 vuln.today

DescriptionCVE.org

HCL DFXAnalytics is affected by a Buffer Overflow vulnerability that can lead to a Denial of Service (DoS). The application fails to properly validate input sizes, allowing an attacker to pass an excessive amount of information into a memory container, which can cause the system to crash or become unresponsive. To mitigate this flaw, comprehensive input length checks must be implemented and enforced on both the client and server sides.

AnalysisAI

Stack-based buffer overflow in HCL DFXAnalytics allows remote unauthenticated attackers to crash or render the application unresponsive by submitting excessively large input values that bypass missing server-side length validation. The vulnerability carries a CVSS 3.1 score of 5.3 (Medium) with availability as the sole impact dimension - no confidentiality or integrity exposure is present, and remote code execution has not been indicated. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Send oversized input to network endpoint
Delivery
Trigger stack-based buffer overflow in input handler
Exploit
Corrupt stack frames
Execution
Crash application process
Impact
Deny service to legitimate users

Vulnerability AssessmentAI

Exploitation No special configuration is required - the CVSS vector AV:N/AC:L/PR:N/UI:N/S:U indicates this is remotely exploitable against default configurations of HCL DFXAnalytics without authentication or user interaction. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 5.3 (Medium) correctly reflects a bounded risk profile: the attack is low-complexity and requires no authentication (AV:N/AC:L/PR:N/UI:N), but scope is unchanged and impact is limited exclusively to availability at the Low tier (A:L), meaning partial or intermittent service disruption rather than a full outage or data breach. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated remote attacker identifies a DFXAnalytics data-submission or API endpoint exposed over the network, then sends a crafted request containing an input field that exceeds the server's fixed-size stack buffer. The buffer overflow corrupts adjacent stack memory, causing the process to crash and rendering the analytics service unavailable until it is manually or automatically restarted.
Remediation Consult the HCL vendor advisory at https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131787 for patch availability; no exact fixed version number was included in the available input data, so a patched release version cannot be independently confirmed at this time. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-35143 MEDIUM
6.5 Jul 16

Cross-Site Request Forgery exposure in HCL DFXAnalytics arises because session cookies generated during authentication a

CVE-2026-56454 MEDIUM
5.9 Jul 16

TLS protocol downgrade exposure in HCL DFXAnalytics allows network-positioned attackers to intercept and decrypt sensiti

CVE-2026-56453 MEDIUM
5.5 Jul 16

Account takeover through HTTP response manipulation in HCL DFXAnalytics enables a network-positioned attacker to interce

CVE-2025-31970 MEDIUM
5.3 May 06

HCL DFXAnalytics fails to enforce strict Content-Security-Policy (CSP) directives for object-src and base-uri, enabling

CVE-2026-56456 MEDIUM
5.3 Jul 16

HCL DFXAnalytics exposes internal file system paths and directory structure through unhandled error messages, system log

CVE-2026-35142 HIGH
8.2 Jul 16

Internal IP address disclosure in HCL DFXAnalytics (version 3.0 and below) exposes internal network topology data embedd

CVE-2025-59851 LOW
3.7 May 06

HCL DFXAnalytics contains unpatched third-party libraries with known vulnerabilities that could allow remote attackers w

CVE-2025-59852 LOW
3.7 May 06

HCL DFXAnalytics transmits sensitive data over the network without encryption, allowing network-positioned attackers to

CVE-2025-59854 LOW
3.1 May 06

HCL DFXAnalytics relies on the obsolete X-XSS-Protection security header instead of implementing a modern Content Securi

CVE-2025-59853 LOW
3.1 May 06

HCL DFXAnalytics exposes detailed stack traces in application responses due to improper error handling, allowing authent

CVE-2026-35145 LOW
3.1 Jul 16

Missing HSTS header in HCL DFXAnalytics exposes authenticated sessions to protocol downgrade and man-in-the-middle attac

CVE-2026-35140 LOW
3.0 Jul 16

HCL DFXAnalytics fails to set the 'secure' attribute on session cookies generated during authentication, enabling a netw

Share

EUVD-2026-44923 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy