CVE Vulnerabilities

CVE-2021-27785

Insufficiently Protected Credentials

Published: Jul 30, 2022 | Modified: Aug 10, 2022
CVSS 3.x
5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

HCL Commerces Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

Name Vendor Start Version End Version
Hcl_commerce Hcltechsw 9.1.0 9.1.10
Hcl_commerce Hcltechsw 9.0.1 9.0.1.18

Potential Mitigations

References