PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-23573 HCLSoftware CVE debrief

The HCL Aftermarket EPC application is vulnerable to the Lucky 13 attack, affecting TLS 1.1, 1.2, and DTLS 1.0 or 1.2 implementations, as well as previous versions like SSL 3.0 and TLS 1.0. This vulnerability can be considered a type of man-in-the-middle attack. Organizations should assess their exposure and apply necessary patches or mitigations. The evidence for this vulnerability is limited, and verification tasks are needed to confirm the affected scope and vendor remediation. Defenders should verify the affected scope and vendor remediation. It is recommended that security teams review the vulnerability and its potential impact on their systems.

Vendor
HCLSoftware
Product
Aftermarket EPC
CVSS
LOW 3.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Organizations using HCL Aftermarket EPC should assess their exposure and apply necessary patches or mitigations. Security teams and vulnerability management teams should review the vulnerability and its potential impact on their systems.

Technical summary

The vulnerability in HCL Aftermarket EPC allows for a Lucky 13 attack, which can impact TLS and DTLS implementations. This could enable attackers to intercept and manipulate communications. The attack affects the TLS 1.1, 1.2, and DTLS 1.0 or 1.2 implementations, as well as previous versions like SSL 3.0 and TLS 1.0. The vulnerability can be considered a type of man-in-the-middle attack. Organizations should assess their exposure and apply necessary patches or mitigations. Security teams should review the vulnerability and its potential impact on their systems.

Defensive priority

Apply patches or updates from HCL Software to address the vulnerability. Review and adjust configurations for TLS and DTLS as necessary.

Recommended defensive actions

  • Apply patches or updates from HCL Software
  • Review and adjust configurations for TLS and DTLS
  • Monitor for suspicious activity
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The evidence for this vulnerability is limited, and verification tasks are needed to confirm the affected scope and vendor remediation. HCL Aftermarket EPC's vulnerability to the Lucky 13 attack affects TLS 1.1, 1.2, and DTLS 1.0 or 1.2 implementations, as well as previous versions like SSL 3.0 and TLS 1.0. Defenders should verify the affected scope and vendor remediation.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T14:17:17.573Z and has not been modified since then.