Non-applicable vulnerabilities

The following is a list of security vulnerabilities related to HCL Commerce and its companion and co-requisite software that are not applicable, and therefore do not need to be addressed. The HCL Commerce team is aware of these vulnerabilities, but no action is required due to their lack of impact on HCL Commerce deployments. If any of the security vulnerabilities listed on this page are flagged in a security scan of your HCL Commerce deployment, no action is required.

December 4, 2024

| CVE(s) | Applicable containers |
|---|---|
| CVE-2024-38816, CVE-2024-38820 | Transaction server (ts-app) |
| CVE-2024-45216, CVE-2024-45217, CVE-2018-8026 | Search server (search-app) |
| CVE-2024-28863, CVE-2024-43799 | GraphQL server (graphql-app) |
| CVE-2016-1000027, CVE-2024-38816, CVE-2024-38819, CVE-2024-38820 | Elasticsearch Ingest server (ingest-app) |
| CVE-2016-1000027, CVE-2024-38816, CVE-2024-38819, CVE-2024-38820, CVE-2023-6378, CVE-2024-7254 | Elasticsearch Search query server (query-app) |
| CVE-2024-23444, CVE-2024-38820, CVE-2024-38816, CVE-2024-38819 | MustGather server (commerce-mustgather) |
| CVE-2024-38816, CVE-2024-38819, CVE-2024-38820 | Store server (crs-app) |
| CVE-2024-38820, CVE-2024-38816, CVE-2024-38819 | Approval server (Approval-app) |

August 30, 2024

| CVE(s) | Applicable containers |
|---|---|
| CVE-2024-30171, CVE-2024-30172, CVE-2023-33202, CVE-2024-29857, CVE-2023-33201, CVE-2023-33202, CVE-2024-22262, CVE-2016-1000027, CVE-2020-11023, CVE-2020-7656, CVE-2019-11358, CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160 | Transaction server (ts-app) |
| CVE-2022-1471, CVE-2018-8026 | Search server (search-app) |
| CVE-2024-28863 | GraphQL server (graphql-app) |
| CVE-2022-1471, CVE-2024-22262, CVE-2016-1000027, CVE-2018-8026, CVE-2020-11023, CVE-2020-7656, CVE-2019-11358 | Utility server (ts-utils) |
| CVE-2024-23944, CVE-2018-25031 | Elasticsearch Ingest server (ingest-app) |
| CVE-2016-1000027 | Elasticsearch NiFi server (nifi-app) |
| CVE-2020-11979, CVE-2020-1945, CVE-2021-36374, CVE-2021-36373, CVE-2024-34750 | MustGather server (commerce-mustgather) |
| CVE-2020-11979, CVE-2024-34750, CVE-2020-1945, CVE-2021-36374, CVE-2021-36373 | Tooling Web server (tooling-web) |
| CVE-2020-11979, CVE-2024-34750, CVE-2020-1945, CVE-2021-36374, CVE-2021-36373 | Store server (crs-app) |