Description
HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- HCL Software / HCL Commerce8.0 - 8.0.4.27 – 8.0 - 8.0.4.27
- HCL Software / HCL Commerce9.0 - 9.0.1.17 – 9.0 - 9.0.1.17
- HCL Software / HCL Commerce9.1.0 - 9.1.8 – 9.1.0 - 9.1.8