← Back
2026-03-26 13:2CVE-2025-55266HCL
PUBLISHED5.2CWE-384

HCL Aftermarket DPC is affected by Session Fixation

HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf of the user.

Problem type

Affected products

HCL

Aftermarket DPC

version 1.0.0 - AFFECTED

References

support.hcl-software.com

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-55266
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-55266",
    "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
    "assignerShortName": "HCL",
    "dateUpdated": "2026-03-26T15:01:00.585Z",
    "dateReserved": "2025-08-12T06:59:56.644Z",
    "datePublished": "2026-03-26T13:02:07.069Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
        "shortName": "HCL",
        "dateUpdated": "2026-03-26T13:02:07.069Z"
      },
      "title": "HCL Aftermarket DPC is affected by Session Fixation",
      "descriptions": [
        {
          "lang": "en",
          "value": "HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf of the user.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf of the user."
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "HCL",
          "product": "Aftermarket DPC",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "version 1.0.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-384: Session Fixation",
              "cweId": "CWE-384",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793"
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ],
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "LOW",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM"
          }
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-03-26T15:01:00.585Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}