PatchSiren cyber security CVE debrief
CVE-2024-23572 HCLSoftware CVE debrief
CVE-2024-23572 is a MEDIUM severity vulnerability in HCL Aftermarket EPC with a CVSS score of 4.2. The issue appears to involve a session token in a cookie, which may increase the risk associated with this vulnerability. A review of the cookie contents is necessary to determine its function. The vulnerability is classified as CWE-614. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N.
- Vendor
- HCLSoftware
- Product
- Aftermarket EPC
- CVSS
- MEDIUM 4.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Organizations using HCL Aftermarket EPC should review the contents of the cookie to determine its function and assess the risk associated with this vulnerability. Operators, platform administrators, vulnerability management teams, and security teams should be aware of the potential risks and take necessary actions.
Technical summary
The CVE-2024-23572 vulnerability has a CVSS score of 4.2 and a MEDIUM severity level. The vulnerability appears to involve a session token in a cookie. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N. The weakness is classified as CWE-614. The vulnerability may increase the risk associated with this issue.
Defensive priority
Medium priority due to the potential risk associated with the session token in the cookie. Organizations should consider compensating controls to mitigate potential risks.
Recommended defensive actions
- Review the contents of the cookie to determine its function
- Assess the risk associated with this vulnerability
- Consider compensating controls to mitigate potential risks
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
Evidence notes
Evidence is limited; further review of the cookie contents and HCL Aftermarket EPC functionality is necessary to fully understand the vulnerability. The vulnerability appears to involve a session token in a cookie, which may increase the risk associated with this issue. A review of the cookie contents is necessary to determine its function. The CVSS score is 4.2 and the severity is MEDIUM.
Official resources
-
CVE-2024-23572 CVE record
CVE.org
-
CVE-2024-23572 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T14:17:17.460Z and has not been modified since then.