Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Commerce by HCL Software
CVE-2024-23576 (GCVE-0-2024-23576)
Vulnerability from nvd – Published: 2024-05-13 21:28 – Updated: 2024-08-01 23:06
VLAI?
Title
HCL Commerce is potentially affected by a denial of service and information disclosure vulnerability
Summary
Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations.
Severity ?
7.1 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Commerce |
Affected:
9.1.12, 9.1.13
|
Date Public ?
2024-05-13 20:58
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hcl_software:commerce:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "commerce",
"vendor": "hcl_software",
"versions": [
{
"status": "affected",
"version": "9.1.12"
},
{
"status": "affected",
"version": "9.1.13"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T18:25:23.770574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T15:53:20.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0112907"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Commerce",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9.1.12, 9.1.13"
}
]
}
],
"datePublic": "2024-05-13T20:58:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations.\u003cbr\u003e\n\u003cbr\u003e\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-13T21:28:44.325Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0112907"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Commerce is potentially affected by a denial of service and information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-23576",
"datePublished": "2024-05-13T21:28:44.325Z",
"dateReserved": "2024-01-18T07:29:59.077Z",
"dateUpdated": "2024-08-01T23:06:25.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23576 (GCVE-0-2024-23576)
Vulnerability from cvelistv5 – Published: 2024-05-13 21:28 – Updated: 2024-08-01 23:06
VLAI?
Title
HCL Commerce is potentially affected by a denial of service and information disclosure vulnerability
Summary
Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations.
Severity ?
7.1 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | Commerce |
Affected:
9.1.12, 9.1.13
|
Date Public ?
2024-05-13 20:58
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hcl_software:commerce:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "commerce",
"vendor": "hcl_software",
"versions": [
{
"status": "affected",
"version": "9.1.12"
},
{
"status": "affected",
"version": "9.1.13"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T18:25:23.770574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T15:53:20.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0112907"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Commerce",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9.1.12, 9.1.13"
}
]
}
],
"datePublic": "2024-05-13T20:58:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations.\u003cbr\u003e\n\u003cbr\u003e\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-13T21:28:44.325Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0112907"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL Commerce is potentially affected by a denial of service and information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2024-23576",
"datePublished": "2024-05-13T21:28:44.325Z",
"dateReserved": "2024-01-18T07:29:59.077Z",
"dateUpdated": "2024-08-01T23:06:25.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}