Vulnerabilities > CVE-2021-27751 - Insufficient Session Expiration vulnerability in Hcltechsw HCL Commerce

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

hcltechsw

CWE-613

NVD

Published: 2022-05-06

Updated: 2022-05-16

Summary

HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible.

Vulnerable Configurations

Part	Description	Count
Application	Hcltechsw Hcltechsw HCL Commerce 8.0.0.0 Hcltechsw HCL Commerce 8.0.4.27 Hcltechsw HCL Commerce 9.0.0.0 Hcltechsw HCL Commerce 9.0.0.5 Hcltechsw HCL Commerce 9.0.0.13 Hcltechsw HCL Commerce 9.0.1.0 Hcltechsw HCL Commerce 9.0.1.1 Hcltechsw HCL Commerce 9.0.1.2 Hcltechsw HCL Commerce 9.0.1.3 Hcltechsw HCL Commerce 9.0.1.4 Hcltechsw HCL Commerce 9.0.1.5 Hcltechsw HCL Commerce 9.0.1.6 Hcltechsw HCL Commerce 9.0.1.7 Hcltechsw HCL Commerce 9.0.1.8 Hcltechsw HCL Commerce 9.0.1.9 Hcltechsw HCL Commerce 9.0.1.10 Hcltechsw HCL Commerce 9.0.1.11 Hcltechsw HCL Commerce 9.0.1.12 Hcltechsw HCL Commerce 9.0.1.13 Hcltechsw HCL Commerce 9.0.1.14 Hcltechsw HCL Commerce 9.0.1.17 Hcltechsw HCL Commerce 9.1.0 Hcltechsw HCL Commerce 9.1.1.0 Hcltechsw HCL Commerce 9.1.2.0 Hcltechsw HCL Commerce 9.1.3.0 Hcltechsw HCL Commerce 9.1.4.0 Hcltechsw HCL Commerce 9.1.8	27

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097650