CVE-2022-38656: HCL Commerce, when using Elasticsearch, could be affected by a denial of service vulnerability
First published: Fri Nov 04 2022(Updated: )
HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltechsw Hcl Commerce | >=9.1.8<=9.1.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this HCL Commerce vulnerability?
The vulnerability ID for this HCL Commerce vulnerability is CVE-2022-38656.
What is the title of this HCL Commerce vulnerability?
The title of this HCL Commerce vulnerability is 'HCL Commerce when using Elasticsearch can allow a remote attacker to cause a denial of service attack.'
What is the severity rating of vulnerability CVE-2022-38656?
The severity rating of vulnerability CVE-2022-38656 is critical with a severity value of 9.8.
What is the affected software for vulnerability CVE-2022-38656?
The affected software for vulnerability CVE-2022-38656 is HCL Commerce version 9.1.8 to 9.1.11 when using Elasticsearch.
How can this vulnerability be exploited?
This vulnerability can be exploited by a remote attacker to cause a denial of service attack on the site and make administrative changes.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/author
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/hcltechsw
- canonical/hcltechsw hcl commerce
- version/hcltechsw hcl commerce/9.1.8
- version/hcltechsw hcl commerce/9.1.11