CVE-2026-35149: CWE-294: Authentication Bypass by Capture-replay in HCL Software DFXServer
HCL DFXServer is affected by an Authentication Bypass vulnerability via server response manipulation. An unauthorized user without valid credentials can exploit this flaw by intercepting and altering the server's authentication responses, allowing them to gain unauthorized access to the application without verification.
AI Analysis
Technical Summary
CVE-2026-35149 describes an authentication bypass vulnerability in HCL DFXServer. The flaw allows an attacker to manipulate intercepted server authentication responses to bypass verification and gain unauthorized access. This is a network attack vector with low attack complexity and no privileges or user interaction required. The impact includes high confidentiality impact and low integrity impact, with no availability impact. The vulnerability is categorized as CWE-294 (Authentication Bypass). No official remediation or patch information is provided in the available data.
Potential Impact
An attacker can gain unauthorized access to the HCL DFXServer application without valid credentials by manipulating server authentication responses. This compromises confidentiality by exposing potentially sensitive data. Integrity impact is low, and availability is not affected. No known exploits have been reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation is provided, users should monitor HCL Software advisories for updates. Until a fix is available, consider restricting network access to the DFXServer and employing network-level protections to prevent interception and manipulation of authentication traffic.
CVE-2026-35149: CWE-294: Authentication Bypass by Capture-replay in HCL Software DFXServer
Description
HCL DFXServer is affected by an Authentication Bypass vulnerability via server response manipulation. An unauthorized user without valid credentials can exploit this flaw by intercepting and altering the server's authentication responses, allowing them to gain unauthorized access to the application without verification.
CVSS v3.1
Score 8.2high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-35149 describes an authentication bypass vulnerability in HCL DFXServer. The flaw allows an attacker to manipulate intercepted server authentication responses to bypass verification and gain unauthorized access. This is a network attack vector with low attack complexity and no privileges or user interaction required. The impact includes high confidentiality impact and low integrity impact, with no availability impact. The vulnerability is categorized as CWE-294 (Authentication Bypass). No official remediation or patch information is provided in the available data.
Potential Impact
An attacker can gain unauthorized access to the HCL DFXServer application without valid credentials by manipulating server authentication responses. This compromises confidentiality by exposing potentially sensitive data. Integrity impact is low, and availability is not affected. No known exploits have been reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary mitigation is provided, users should monitor HCL Software advisories for updates. Until a fix is available, consider restricting network access to the DFXServer and employing network-level protections to prevent interception and manipulation of authentication traffic.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- HCL
- Date Reserved
- 2026-04-01T16:32:01.022Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a58c4f468715ace43f51793
Added to database: 07/16/2026, 11:48:04 UTC
Last enriched: 07/16/2026, 12:02:28 UTC
Last updated: 07/16/2026, 21:04:28 UTC
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.