CVE-2024-23576

HIGH

HCL Commerce 9.1.12-9.1.13 - Improper Authorization

Title source: llm

Description

A security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of users' personal data, and unauthorized administrative operations.

Scores

CVSS v3 7.1
EPSS 0.0045
EPSS Percentile 35.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-285
Status published
Products (1)
hcltechsw/hcl_commerce 9.1.12 - 9.1.14
Published May 14, 2024
Tracked Since Feb 18, 2026