CVE-2021-27751 - OpenCVE

HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hcltechsw	Hcl Commerce

Configuration 1 [-]

OR	cpe:2.3:a:hcltechsw:hcl_commerce::::::::
	cpe:2.3:a:hcltechsw:hcl_commerce::::::::
	cpe:2.3:a:hcltechsw:hcl_commerce::::::::

No data.

References

Link	Providers
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097650

History

No history.

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2022-05-06T18:10:26.603495Z

Updated: 2024-09-16T22:09:06.365Z

Reserved: 2021-02-26T00:00:00

Link: CVE-2021-27751

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-05-06T18:15:08.493

Modified: 2022-05-16T18:42:36.487

Link: CVE-2021-27751

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HCL Commerce", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "8.0 - 8.0.4.27"}, {"status": "affected", "version": "9.0 - 9.0.1.17"}, {"status": "affected", "version": "9.1.0 - 9.1.8"}]}], "datePublic": "2022-04-05T00:00:00", "descriptions": [{"lang": "en", "value": "HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-06T18:10:26", "orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097650"}], "source": {"discovery": "UNKNOWN"}, "title": "HCL Commerce is affected by an Insufficient Session Expiration vulnerability.", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@hcl.com", "DATE_PUBLIC": "2022-04-05T00:00:00.000Z", "ID": "CVE-2021-27751", "STATE": "PUBLIC", "TITLE": "HCL Commerce is affected by an Insufficient Session Expiration vulnerability."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HCL Commerce", "version": {"version_data": [{"version_value": "8.0 - 8.0.4.27"}, {"version_value": "9.0 - 9.0.1.17"}, {"version_value": "9.1.0 - 9.1.8"}]}}]}, "vendor_name": "HCL Software"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-613 Insufficient Session Expiration"}]}]}, "references": {"reference_data": [{"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097650", "refsource": "MISC", "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097650"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:26:10.743Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097650"}]}]}, "cveMetadata": {"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "assignerShortName": "HCL", "cveId": "CVE-2021-27751", "datePublished": "2022-05-06T18:10:26.603495Z", "dateReserved": "2021-02-26T00:00:00", "dateUpdated": "2024-09-16T22:09:06.365Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltechsw:hcl_commerce:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB00B3BA-3619-4A21-A3EB-050229E0B6F3", "versionEndExcluding": "8.0.4.28", "versionStartIncluding": "8.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_commerce:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F5E08CF-809F-489B-A530-1A7B401DBA3C", "versionEndExcluding": "9.0.1.18", "versionStartIncluding": "9.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltechsw:hcl_commerce:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4A5C14F-CB83-494C-A261-7F2BC9CBBBF1", "versionEndExcluding": "9.1.9", "versionStartIncluding": "9.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible."}, {"lang": "es", "value": "HCL Commerce est\u00e1 afectado por una vulnerabilidad de Expiraci\u00f3n de Sesi\u00f3n Insuficiente. Despu\u00e9s de que la sesi\u00f3n expira, en algunas circunstancias, partes de la aplicaci\u00f3n siguen siendo accesibles"}], "id": "CVE-2021-27751", "lastModified": "2022-05-16T18:42:36.487", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "psirt@hcl.com", "type": "Secondary"}]}, "published": "2022-05-06T18:15:08.493", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097650"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-613"}], "source": "psirt@hcl.com", "type": "Secondary"}]}