Skip to main content

Hcl Commerce

3 CVEs product

Monthly

CVE-2024-23576 HIGH This Week

Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Denial Of Service Hcl Commerce
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2022-38656 CRITICAL Act Now

HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elastic Hcl Commerce
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-27741 CRITICAL Act Now

" Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection". Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Hcl Commerce
NVD
CVSS 3.1
9.1
EPSS
1.2%
EPSS 0% CVSS 7.1
HIGH This Week

Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Denial Of Service Hcl Commerce
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Elastic Hcl Commerce
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

" Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection". Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Hcl Commerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy