Vulnerability Details CVE-2026-35140
HCL DFXAnalytics is affected by a Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability. The application fails to set the "secure" attribute on session cookies generated during authentication, which could allow a remote attacker to intercept network traffic and capture sensitive cookies, session tokens, or credentials sent in cleartext over unencrypted channels.
Exploit prediction scoring system (EPSS) score
CVSS Severity
CVSS v3 Score 3.0