CVE-2026-35141

Summary

HCL DFXAnalytics is affected by a Login Replay Attack vulnerability. The application allows a remote attacker to intercept, delay, or fraudulently retransmit valid authentication data to achieve unauthorized access. To mitigate this risk, the application must implement a mechanism to include timestamps with every message, ensuring that messages exceeding a specific age threshold are automatically rejected by the recipient system.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareDFXAnalyticsversion 3.0 and belowaffected

Weaknesses

  • CWE-294: CWE-294: Authentication Bypass by Capture-replay

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References