Non-applicable vulnerabilities

The following is a list of security vulnerabilities that are related to HCL Commerce and its companion and co-requisite software that are not applicable, and therefore do not need to be addressed.The HCL Commerce team are aware of the following vulnerabilities, but no action is required due to their lack of impact on HCL Commerce deployments. If any of the security vulnerabilities listed on this page are flagged in a security scan of your HCL Commerce deployment, no action is required.

Non-applicable vulnerabilities

A number of software vulnerabilities that have been identified do not apply to HCL Commerce.


CVE(s)	Applicable containers
CVE-2024-30171, CVE-2024-30172, CVE-2023-33202, CVE-2024-29857, CVE-2023-33201, CVE-2023-33202, CVE-2024-22262, CVE-2016-1000027, CVE-2020-11023, CVE-2020-7656, CVE-2019-11358, CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160	Transaction server (`ts-app`)
CVE-2022-1471, CVE-2018-8026	Search server (`search-app`)
CVE-2024-28863	GraphQL server
CVE-2022-1471, CVE-2024-22262, CVE-2016-1000027, CVE-2018-8026, CVE-2020-11023, CVE-2020-7656, CVE-2019-11358	Utility server (`ts-utils`)
CVE-2024-23944, CVE-2018-25031	Elasticsearch Ingest server (`ingest-app`)
CVE-2016-1000027	Elasticsearch NiFi server (`nifi-app`)
CVE-2020-11979, CVE-2020-1945, CVE-2021-36374, CVE-2021-36373, CVE-2024-34750	MustGather server (`commerce-mustgather`)
CVE-2020-11979, CVE-2024-34750, CVE-2020-1945, CVE-2021-36374, CVE-2021-36373	Tooling Web server (`tooling-web`)
CVE-2020-11979, CVE-2024-34750, CVE-2020-1945, CVE-2021-36374, CVE-2021-36373	Store server (`crs-app`)