Non-applicable vulnerabilities
The following is a list of security vulnerabilities that are related to
HCL Commerce and its companion and co-requisite software that are not
applicable, and therefore do not need to be addressed.

The HCL Commerce team is aware of the following vulnerabilities, but no action is required
due to their lack of impact on HCL Commerce deployments. If any of the security
vulnerabilities listed on this page are flagged in a security scan of your HCL Commerce deployment, no action is required.
August 5, 2025
| CVE(s) | Applicable containers |
|---|---|
| CVE-2024-6763, CVE-2025-48924 | Search server (search-app) |
| CVE-2025-22233, CVE-2024-29881, CVE-2021-23450, CVE-2020-5258, CVE-2018-15494 | Transaction server (ts-app) |
| CVE-2025-22233, CVE-2024-29881, CVE-2025-46392, CVE-2025-48924 | Utility server (ts-utils) |
| CVE-2025-22233, CVE-2025-46392, CVE-2025-48924 | Store server (crs-app) |
| CVE-2025-22233 | Approval-App (approval-app) |
| CVE-2025-31651, CVE-2025-31650, CVE-2025-22233 | Must-Gather server (mustgather-app) |
| CVE-2024-12801, CVE-2024-12798, CVE-2023-6378 | Elasticsearch Ingest server (ingest-app) |
| CVE-2025-5889 | Next.js store server (nextjs-app) |
| CVE-2025-5889 | GraphQL server (graphql-app) |
May 19, 2025
| CVE(s) | Applicable containers |
|---|---|
| CVE-2024-38828, CVE-2024-12798, CVE-2024-12801 | Must-Gather server (mustgather-app) |
| CVE-2024-38828 | Store server (crs-app) |
| CVE-2024-38819, CVE-2024-38828, CVE-2024-12801, CVE-2024-12798 | Elasticsearch Search query server (query-app) |
| CVE-2024-21538 | GraphQL server (graphql-app) |
| CVE-2024-38828, CVE-2025-22228, CVE-2025-22235 | Approval server (approval-app) |
| CVE-2025-24814, CVE-2024-52012 | Search server (search-app) |
| CVE-2022-24614, CVE-2024-38828, CVE-2024-53677 | Utility server (ts-utils) |
| CVE-2024-38828, CVE-2024-53677 | Transaction server (ts-app) |
December 4, 2024
| CVE(s) | Applicable containers |
|---|---|
| CVE-2024-38816, CVE-2024-38820 | Transaction server (ts-app) |
| CVE-2024-45216, CVE-2024-45217, CVE-2018-8026 | Search server (search-app) |
| CVE-2024-28863, CVE-2024-43799 | GraphQL server (graphql-app) |
| CVE-2016-1000027, CVE-2024-38816, CVE-2024-38819, CVE-2024-38820 | Elasticsearch Ingest server (ingest-app) |
| CVE-2016-1000027, CVE-2024-38816, CVE-2024-38819, CVE-2024-38820, CVE-2023-6378, CVE-2024-7254 | Elasticsearch Search query server (query-app) |
| CVE-2024-23444, CVE-2024-38820, CVE-2024-38816, CVE-2024-38819 | Must-Gather server (mustgather-app) |
| CVE-2024-38816, CVE-2024-38819, CVE-2024-38820 | Store server (crs-app) |
| CVE-2024-38820, CVE-2024-38816, CVE-2024-38819 | Approval server (approval-app) |
August 30, 2024
| CVE(s) | Applicable containers |
|---|---|
| CVE-2024-30171, CVE-2024-30172, CVE-2023-33202, CVE-2024-29857, CVE-2023-33201, CVE-2023-33202, CVE-2024-22262, CVE-2016-1000027, CVE-2020-11023, CVE-2020-7656, CVE-2019-11358, CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160 | Transaction server (ts-app) |
| CVE-2022-1471, CVE-2018-8026 | Search server (search-app) |
| CVE-2024-28863 | GraphQL server (graphql-app) |
| CVE-2022-1471, CVE-2024-22262, CVE-2016-1000027, CVE-2018-8026, CVE-2020-11023, CVE-2020-7656, CVE-2019-11358 | Utility server (ts-utils) |
| CVE-2024-23944, CVE-2018-25031 | Elasticsearch Ingest server (ingest-app) |
| CVE-2016-1000027 | Elasticsearch NiFi server (nifi-app) |
| CVE-2020-11979, CVE-2020-1945, CVE-2021-36374, CVE-2021-36373, CVE-2024-34750 | Must-Gather server (mustgather-app) |
| CVE-2020-11979, CVE-2024-34750, CVE-2020-1945, CVE-2021-36374, CVE-2021-36373 | Tooling Web server (tooling-web) |
| CVE-2020-11979, CVE-2024-34750, CVE-2020-1945, CVE-2021-36374, CVE-2021-36373 | Store server (crs-app) |