Hcltechsw Hcl_commerce
7 CVEs affecting Hcltechsw Hcl_commerce. Latest disclosed: 2024-05-14. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-14275 | Critical | 9.8 | 2021-01-12 | Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of us… |
CVE-2021-27741 | Critical | 9.1 | 2021-08-13 | " Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection" |
CVE-2022-38656 | High | 8.6 | 2022-12-12 | HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. |
CVE-2020-14274 | High | 7.5 | 2021-01-12 | Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data… |
CVE-2024-23576 | High | 7.1 | 2024-05-14 | Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized admini… |
CVE-2021-27751 | Medium | 4.4 | 2022-05-06 | HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are st… |
CVE-2021-27785 | Low | 3.9 | 2022-07-30 | HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perfor… |