CVE-2021-27785
LOWHCL Commerce 9.0.1-9.0.1.17 - Insufficiently Protected Credentials
Title source: llmDescription
HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099765
Scores
CVSS v3
3.9
EPSS
0.0017
EPSS Percentile
7.0%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Details
CWE
CWE-522
Status
published
Products (1)
hcltechsw/hcl_commerce
9.0.1 - 9.0.1.18
Published
Jul 30, 2022
Tracked Since
Feb 18, 2026