HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability.
Summary
| CVE | CVE-2026-56453 |
|---|---|
| State | PUBLISHED |
| Assigner | HCL |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-16 14:16:54 UTC |
| Updated | 2026-07-16 17:16:18 UTC |
| Description | HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach the client application, allowing them to manipulate the authentication or authorization logic to bypass controls and gain unauthorized access to targeted user accounts. |
Risk And Classification
Primary CVSS: v3.1 5.5 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Problem Types: CWE-294 | CWE-294 CWE-294: Exposure of Sensitive Information to an Unauthorized Actor
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 5.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L |
| 3.1 | CNA | CVSS | 5.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
HighPrivileges Required
LowUser Interaction
RequiredScope
ChangedConfidentiality
LowIntegrity
LowAvailability
LowCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | HCL Software | DFXAnalytics | affected version 3.0 and below | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.hcl-software.com/csm | [email protected] | support.hcl-software.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.