Velocity
Monthly
Missing login rate-limiting in HCL DevOps Velocity (all versions before 5.1.7) lets remote attackers submit unlimited authentication attempts past the intended failed-login threshold, enabling automated brute-force and credential-stuffing against user accounts. Reported by HCL and fixed in 5.1.7, with no public exploit identified at time of analysis; EPSS is very low (0.02%) and CISA SSVC records exploitation as none and technical impact as only partial, contrasting sharply with the vendor's 9.8 CVSS.
Missing login rate-limiting in HCL DevOps Velocity (all versions before 5.1.7) lets remote attackers submit unlimited authentication attempts past the intended failed-login threshold, enabling automated brute-force and credential-stuffing against user accounts. Reported by HCL and fixed in 5.1.7, with no public exploit identified at time of analysis; EPSS is very low (0.02%) and CISA SSVC records exploitation as none and technical impact as only partial, contrasting sharply with the vendor's 9.8 CVSS.