CVE-2021-27751 - OpenCVE

HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Hcltechsw	Hcl Commerce

Configuration 1 [-]

OR	cpe:2.3:a:hcltechsw:hcl_commerce::::::::
	cpe:2.3:a:hcltechsw:hcl_commerce::::::::
	cpe:2.3:a:hcltechsw:hcl_commerce::::::::

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097650	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: HCL

Published: 2022-04-05T00:00:00

Updated: 2022-05-06T18:10:26

Reserved: 2021-02-26T00:00:00

Link: CVE-2021-27751

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-06T18:15:08.493

Modified: 2022-05-16T18:42:36.487

Link: CVE-2021-27751

JSON object: View

Redhat Information

No data.

CWE

CWE-613

{"containers": {"cna": {"affected": [{"product": "HCL Commerce", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "8.0 - 8.0.4.27"}, {"status": "affected", "version": "9.0 - 9.0.1.17"}, {"status": "affected", "version": "9.1.0 - 9.1.8"}]}], "datePublic": "2022-04-05T00:00:00", "descriptions": [{"lang": "en", "value": "HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-06T18:10:26", "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097650"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL Commerce is affected by an Insufficient Session Expiration vulnerability.", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@hcl.com", "DATE_PUBLIC": "2022-04-05T00:00:00.000Z", "ID": "CVE-2021-27751", "STATE": "PUBLIC", "TITLE": "HCL Commerce is affected by an Insufficient Session Expiration vulnerability."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HCL Commerce", "version": {"version_data": [{"version_value": "8.0 - 8.0.4.27"}, {"version_value": "9.0 - 9.0.1.17"}, {"version_value": "9.1.0 - 9.1.8"}]}}]}, "vendor_name": "HCL Software"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-613 Insufficient Session Expiration"}]}]}, "references": {"reference_data": [{"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097650", "refsource": "MISC", "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097650"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "assignerShortName": "HCL", "cveId": "CVE-2021-27751", "datePublished": "2022-04-05T00:00:00", "dateReserved": "2021-02-26T00:00:00", "dateUpdated": "2022-05-06T18:10:26", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltechsw:hcl_commerce:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB00B3BA-3619-4A21-A3EB-050229E0B6F3", "versionEndExcluding": "8.0.4.28", "versionStartIncluding": "8.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_commerce:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F5E08CF-809F-489B-A530-1A7B401DBA3C", "versionEndExcluding": "9.0.1.18", "versionStartIncluding": "9.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_commerce:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4A5C14F-CB83-494C-A261-7F2BC9CBBBF1", "versionEndExcluding": "9.1.9", "versionStartIncluding": "9.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible."}, {"lang": "es", "value": "HCL Commerce est\u00e1 afectado por una vulnerabilidad de Expiraci\u00f3n de Sesi\u00f3n Insuficiente. Despu\u00e9s de que la sesi\u00f3n expira, en algunas circunstancias, partes de la aplicaci\u00f3n siguen siendo accesibles"}], "id": "CVE-2021-27751", "lastModified": "2022-05-16T18:42:36.487", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2022-05-06T18:15:08.493", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097650"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-613"}], "source": "psirt@hcl.com", "type": "Secondary"}]}