Lucene search

K
cveHCLCVE-2023-37532
HistoryOct 23, 2023 - 5:15 p.m.

CVE-2023-37532

2023-10-2317:15:08
CWE-22
HCL
web.nvd.nist.gov
31
hcl commerce
remote store server
cve-2023-37532
vulnerability
nvd
security
remote attack
file access

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

28.0%

HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system.

Affected configurations

Nvd
Node
hcltechcommerceRange9.1.89.1.13.2
VendorProductVersionCPE
hcltechcommercecpe:/a:hcltech:commerce::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL Commerce",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "9.1.8 – 9.1.13.2"
      }
    ]
  }
]

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

28.0%

Related for CVE-2023-37532