CVE-2021-27785

LOW

HCL Commerce - Info Disclosure

Title source: llm

Description

HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website.

References (1)

[Vendor Advisory] https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099765

Scores

CVSS v3 3.9

EPSS 0.0006

EPSS Percentile 19.2%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Classification

CWE

CWE-522

Status published

Affected Products (1)

hcltechsw/hcl_commerce < 9.0.1.18

Timeline

Published Jul 30, 2022

Tracked Since Feb 18, 2026