← Back
2026-03-26 13:4CVE-2025-55264HCL
PUBLISHED5.2CWE-613

HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change

HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover.

Problem type

Affected products

HCL

Aftermarket DPC

version 1.0.0 - AFFECTED

References

support.hcl-software.com

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-55264
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-55264",
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "dateUpdated": "2026-03-26T18:35:17.005Z",
    "dateReserved": "2025-08-12T06:59:56.644Z",
    "datePublished": "2026-03-26T13:04:01.614Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL",
        "dateUpdated": "2026-03-26T13:04:01.614Z"
      },
      "title": "HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change",
      "descriptions": [
        {
          "lang": "en",
          "value": "HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover."
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "HCL",
          "product": "Aftermarket DPC",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "version 1.0.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-613: Insufficient Session Expiration",
              "cweId": "CWE-613",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793"
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ],
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM"
          }
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-03-26T18:35:17.005Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}