{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-55277", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2025-08-12T07:00:17.742Z", "datePublished": "2026-03-26T12:45:23.668Z", "dateUpdated": "2026-03-26T13:22:15.944Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-03-26T12:45:23.668Z"}, "title": "HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability", "datePublic": "2026-03-26T13:44:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1104", "description": "CWE-1104 Use of Unmaintained Third-Party Components", "type": "CWE"}]}], "affected": [{"vendor": "HCL", "product": "Aftermarket DPC", "versions": [{"status": "affected", "version": "version 1.0.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application."}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "LOW", "baseScore": 2.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T13:22:09.543975Z", "id": "CVE-2025-55277", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:22:15.944Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-55277", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T13:22:09.543975Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:22:12.492Z"}}], "cna": {"title": "HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.6, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "HCL", "product": "Aftermarket DPC", "versions": [{"status": "affected", "version": "version 1.0.0"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-26T13:44:00.000Z", "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application.", "supportingMedia": [{"type": "text/html", "value": "HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1104", "description": "CWE-1104 Use of Unmaintained Third-Party Components"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2026-03-26T12:45:23.668Z"}}}, "cveMetadata": {"cveId": "CVE-2025-55277", "state": "PUBLISHED", "dateUpdated": "2026-03-26T13:22:15.944Z", "dateReserved": "2025-08-12T07:00:17.742Z", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "datePublished": "2026-03-26T12:45:23.668Z", "assignerShortName": "HCL"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C71E5E64-ED4C-4763-8A74-5F9DDCFD13DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application."}], "id": "CVE-2025-55277", "lastModified": "2026-03-26T20:23:30.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "psirt@hcl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-26T13:16:27.487", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1104"}], "source": "psirt@hcl.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.0.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Aftermarket DPC", "source": "cna", "vendor": "HCL"}, "product": "aftermarket_dpc", "vendor": "hcl"}], "analysis": {"en": {"generated_at": "2026-03-26T21:55:16.404636+00:00", "value": {"mitigation_remediation": ["Verify the exact version of Aftermarket DPC that is deployed", "Consult the HCL support portal for any patches or updated releases", "Apply the latest patch or upgrade to a non\u2011vulnerable release", "Restart any affected services or the entire application as required", "Monitor the application logs for unusual activity and confirm the vulnerability is remediated"], "summary": {"action": "Update", "impact": "Potential exploitation via outdated components"}, "threat_synthesis": {"affected_systems": "The affected product is HCL Aftermarket DPC, version 1.0.0 and earlier releases that contain the vulnerable components. The product is distributed by HCL Technologies and delivered as a cloud\u2011based service, potentially impacting any deployment of this application.", "description_and_impact": "HCL Aftermarket DPC is vulnerable because it incorporates components that are known to be outdated or vulnerable, a weakness represented by the Use of Vulnerable/Outdated Versions flaw. An attacker could leverage publicly available exploits for those components and craft attacks that target the application itself. The impact could include loss of system functionality and possible exposure of organizational data. This flaw is classified as CWE\u20111104.", "risk_and_exploitability": "The CVSS score of 2.6 indicates low to moderate severity. EPSS data is not available, so the prevalence of active exploitation cannot be determined, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is remote, using exposed application interfaces to trigger known exploits against the underlying components. Overall risk remains low to moderate unless a high\u2011impact exploit is discovered for the specific component version in use."}}}}, "created": "2026-03-27T08:35:55.396121+00:00", "updated": "2026-03-27T09:28:38.364352+00:00", "vendors": ["hcl", "hcl$PRODUCT$aftermarket_dpc"]}