PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-23572 HCLSoftware CVE debrief

CVE-2024-23572 is a MEDIUM severity vulnerability in HCL Aftermarket EPC with a CVSS score of 4.2. The issue appears to involve a session token in a cookie, which may increase the risk associated with this vulnerability. A review of the cookie contents is necessary to determine its function. The vulnerability is classified as CWE-614. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N.

Vendor
HCLSoftware
Product
Aftermarket EPC
CVSS
MEDIUM 4.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Organizations using HCL Aftermarket EPC should review the contents of the cookie to determine its function and assess the risk associated with this vulnerability. Operators, platform administrators, vulnerability management teams, and security teams should be aware of the potential risks and take necessary actions.

Technical summary

The CVE-2024-23572 vulnerability has a CVSS score of 4.2 and a MEDIUM severity level. The vulnerability appears to involve a session token in a cookie. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N. The weakness is classified as CWE-614. The vulnerability may increase the risk associated with this issue.

Defensive priority

Medium priority due to the potential risk associated with the session token in the cookie. Organizations should consider compensating controls to mitigate potential risks.

Recommended defensive actions

  • Review the contents of the cookie to determine its function
  • Assess the risk associated with this vulnerability
  • Consider compensating controls to mitigate potential risks
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed

Evidence notes

Evidence is limited; further review of the cookie contents and HCL Aftermarket EPC functionality is necessary to fully understand the vulnerability. The vulnerability appears to involve a session token in a cookie, which may increase the risk associated with this issue. A review of the cookie contents is necessary to determine its function. The CVSS score is 4.2 and the severity is MEDIUM.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T14:17:17.460Z and has not been modified since then.