CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-27551 – HCL Launch could allow an authenticated user to obtain sensitive information (CVE-2022-27551)
https://notcve.org/view.php?id=CVE-2022-27551
HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. HCL Launch podría permitir a un usuario autenticado obtener información confidencial en algunos casos debido a una comprobación de seguridad inapropiada • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099732 • CWE-863: Incorrect Authorization •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27785 – HCL Commerce could allow a local attacker to obtain sensitive personal information (CVE-2021-27785)
https://notcve.org/view.php?id=CVE-2021-27785
HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. El servidor de la tienda remota de HCL Commerce podría permitir a un atacante local obtener información personal confidencial. La vulnerabilidad requiere que la víctima lleve a cabo primero una operación determinada en el sitio web • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099765 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-27549 – HCL Launch could disclose sensitive database information to a local user in plain text.
https://notcve.org/view.php?id=CVE-2022-27549
HCL Launch may store certain data for recurring activities in a plain text format. HCL Launch puede almacenar determinados datos para actividades recurrentes en un formato de texto plano • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099254 • CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-27548 – HCL Launch is vulnerable to information disclosure which can be read by a local user.
https://notcve.org/view.php?id=CVE-2022-27548
HCL Launch stores user credentials in plain clear text which can be read by a local user. HCL Launch almacena las credenciales de los usuarios en texto sin cifrar que puede ser leído por un usuario local • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099253 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27751 – HCL Commerce is affected by an Insufficient Session Expiration vulnerability.
https://notcve.org/view.php?id=CVE-2021-27751
HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible. HCL Commerce está afectado por una vulnerabilidad de Expiración de Sesión Insuficiente. Después de que la sesión expira, en algunas circunstancias, partes de la aplicación siguen siendo accesibles • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097650 • CWE-613: Insufficient Session Expiration •