cvelist / HCL / CVELIST:CVE-2022-38656
Nov 04, 2022 - 8:58 p.m.

CVE-2022-38656 HCL Commerce, when using Elasticsearch, could be affected by a denial of service vulnerability

2022-11-04 20:58:47
HCL
www.cve.org
Tags: hcl commerce, denial of service, vulnerability, elasticsearch, remote attacker, administrative changes

CVSS3: 8.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score: 9.4 High (Confidence: High)

EPSS: 0.004 Low (Percentile: 72.9%)

HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HCL Commerce",
    "vendor": "HCL Software",
    "versions": [
      {
        "status": "affected",
        "version": "9.1.8 - 9.1.11"
      }
    ]
  }
]
