Vulnerabilities > CVE-2021-27751 - Insufficient Session Expiration vulnerability in Hcltechsw HCL Commerce

CVSS 1.9 - LOW

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

hcltechsw

CWE-613

NVD

Published: 2022-05-06

Updated: 2022-05-16

Summary

HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible.

Vulnerable Configurations

Part	Description	Count
Application	Hcltechsw Hcltechsw HCL Commerce * Hcltechsw HCL Commerce 9.0.0.5 Hcltechsw HCL Commerce 9.0.0.13 Hcltechsw HCL Commerce 9.0.1.0 Hcltechsw HCL Commerce 9.0.1.1 Hcltechsw HCL Commerce 9.0.1.2 Hcltechsw HCL Commerce 9.0.1.3 Hcltechsw HCL Commerce 9.0.1.4 Hcltechsw HCL Commerce 9.0.1.5 Hcltechsw HCL Commerce 9.0.1.6 Hcltechsw HCL Commerce 9.0.1.7 Hcltechsw HCL Commerce 9.0.1.8 Hcltechsw HCL Commerce 9.0.1.9 Hcltechsw HCL Commerce 9.0.1.10 Hcltechsw HCL Commerce 9.0.1.11 Hcltechsw HCL Commerce 9.0.1.12 Hcltechsw HCL Commerce 9.0.1.13 Hcltechsw HCL Commerce 9.0.1.14 Hcltechsw HCL Commerce 9.1.1.0 Hcltechsw HCL Commerce 9.1.2.0 Hcltechsw HCL Commerce 9.1.3.0 Hcltechsw HCL Commerce 9.1.4.0	22

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097650