GCVE - cpe:2.3:a:hcltechsw:hcl_commerce:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:hcltechsw:hcl_commerce:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Hcltechsw (`ba9bc489-c06a-5f16-aa3c-2bd0521574c9`)
Product	Hcl Commerce (`988e009c-5e2e-56e8-ac2c-d5a875b0b094`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-23576`	vulnerable	2026-06-08 06:29:39.961380	db.gcve.eu details are currently unavailable. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-38656`	vulnerable	2026-06-08 05:47:16.772207	HCL Commerce, when using Elasticsearch, could be affected by a denial of service vulnerability HIGH (8.6) HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. Published: 2022-11-04T20:58:47.868Z Updated: 2025-05-02T18:35:00.618Z Open on db.gcve.eu Reference links https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101265	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-27785`	vulnerable	2026-06-08 05:31:22.163601	HCL Commerce could allow a local attacker to obtain sensitive personal information (CVE-2021-27785) LOW (3.9) HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. Published: 2022-07-29T23:55:10.012Z Updated: 2024-09-16T19:05:29.360Z Open on db.gcve.eu Reference links https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099765	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-27751`	vulnerable	2026-06-08 05:31:22.109306	HCL Commerce is affected by an Insufficient Session Expiration vulnerability. MEDIUM (4.4) HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible. Published: 2022-05-06T18:10:26.603Z Updated: 2024-09-16T22:09:06.365Z Open on db.gcve.eu Reference links https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097650	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-27741`	vulnerable	2026-06-08 05:31:22.105697	Details available " Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection" Published: 2021-08-13T13:20:44.000Z Updated: 2024-08-03T21:26:10.806Z Open on db.gcve.eu Reference links https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0089834	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-14275`	vulnerable	2026-06-08 05:19:22.838692	Details available Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. Published: 2021-01-12T14:26:58.000Z Updated: 2024-08-04T12:39:36.248Z Open on db.gcve.eu Reference links https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0086271	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-14274`	vulnerable	2026-06-08 05:19:22.838263	Details available Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors. Published: 2021-01-12T14:29:53.000Z Updated: 2024-08-04T12:39:36.227Z Open on db.gcve.eu Reference links https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0086183	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.