Security bulletins
HCL Commerce security bulletins detail vulnerabilities in HCL Commerce or its companion software, providing risk assessment information to help organizations gauge potential impact.
To avoid preventable security issues, it is recommended that you stay up to date on the most current maintenance options for your products.
Important: For up to date bulletins, subscribe to the following services:
- The HCL PSIRT blog for HCL Commerce security bulletins.
- IBM software support updates, for IBM companion software security bulletins.
| Date of publication | CVE(s) | Vulnerability | Affected software |
|---|---|---|---|
| October 24, 2025 | CVE-2017-15422, CVE-2017-7868, CVE-2011-4599, CVE-2014-7923, CVE-2017-7867, CVE-2016-6293, CVE-2017-15396, CVE-2020-21913, CVE-2020-10531, CVE-2016-7415, CVE-2017-17484, CVE-2017-14952, CVE-2024-52894, CVE-2025-33092, CVE-2025-36071, CVE-2024-49828, CVE-2025-33143, CVE-2025-30472, CVE-2024-52894, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-50602 | Multiple vulnerabilities in IBM Db2 affect HCL Commerce | IBM Db2 Database |
| September 4, 2025 | CVE-2023-33850 | A security vulnerability in IBM Runtime Environment, Java Technology Edition provided with IBM Security | IBM Security Directory Suite included in: HCL Commerce 9.1.0.0 - 9.1.18.1 |
| September 4, 2025 | CVE-2022-32754 | A security vulnerability discovered in IBM Security Directory Server may affect HCL Commerce | IBM Security Verify Directory included in: HCL Commerce 9.1.0.0 - 9.1.18.1 |
| August 5, 2025 | CVE-2025-27907, CVE-2025-25193, CVE-2024-56339, CVE-2025-23184, CVE-2025-33104, CVE-2025-21587, CVE-2025-4447, CVE-2025-36097 | Multiple vulnerabilities that affect IBM® WebSphere Application Server and IBM WebSphere Application Server Liberty may affect HCL Commerce | WebSphere Application Server and WebSphere Application Server Liberty
included in: HCL Commerce 9.1.0.0 - 9.1.18.1 |
| August 5, 2025 | CVE-2025-31651, CVE-2025-48976, CVE-2025-48988, CVE-2025-49125 , CVE-2025-46701, CVE-2024-29881 | Multiple vulnerabilities in open source components affect HCL Commerce |
HCL Commerce 9.1.0.0 - 9.1.18.1 |
| August 5, 2025 | CVE-2025-36038 | HCL Commerce which bundles IBM WebSphere Application Server is affected by arbitrary code execution | WebSphere Application Server included in: HCL Commerce 9.1.0.0 - 9.1.18.1 |
| July 15, 2025 | CVE-2024-52903, CVE-2025-4447, CVE-2025-1000, CVE-2025-2518, CVE-2025-3050, CVE-2025-1992, CVE-2025-1493, CVE-2024-47535, CVE-2025-25193, CVE-2022-3510, CVE-2022-3509, CVE-2022-3171, CVE-2024-49350, CVE-2024-23454 | Multiple vulnerabilities in IBM Db2 affect HCL Commerce | IBM Db2 Database |
| July 14, 2025 | CVE-2025-27820, CVE-2024-21534, CVE-2025-1302, CVE-2024-52798, CVE-2025-31672 | Multiple vulnerabilities in open source components affect HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.17.0 |
| May 20, 2025 | CVE-2024-21235 | A vulnerability in IBM Java SDK affects IBM WebSphere Application Server and IBM WebSphere Application Server Liberty and may affect HCL Commerce | IBM Java SDK included in: HCL Commerce 9.1.0.0 - 9.1.17.0 |
| December 4, 2024 | CVE-2024-45086, CVE-2024-45087, CVE-2024-45072, CVE-2024-45071, CVE-2023-50315, CVE-2023-50314, CVE-2024-45073 | Multiple vulnerabilities in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty affect HCL Commerce | WebSphere Application Server V8.5.5 and WebSphere Application Server V8.5.5 Liberty
included in: HCL Commerce 9.1.0.0 - 9.1.16.x |
| December 4, 2024 | CVE-2024-22262, CVE-2024-47764, CVE-2024-47554 | Multiple vulnerabilities in open source components affect HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.16.0 |
| November 30, 2024 | CVE-2023-45178, CVE-2024-30172, CVE-2024-29857, CVE-2024-30171, CVE-2024-37529, CVE-2023-45853, CVE-2023-29267, CVE-2024-45663, CVE-2024-31881, CVE-2024-31880, CVE-2024-28762, CVE-2024-28757, CVE-2024-35152, CVE-2024-31882 | Multiple vulnerabilities in IBM Db2 affect HCL Commerce | IBM Db2 Database |
| November 29, 2024 | CVE-2022-32751, CVE-2022-32753, CVE-2022-33165 | Multiple vulnerabilities in IBM Security Directory Suite and IBM Security Directory Server affect HCL Commerce | IBM Security Directory Suite included in: HCL Commerce 9.1.0.0 - 9.1.16.0 |
| November 1, 2024 | CVE-2024-37532, CVE-2023-51775, CVE-2024-35154, CVE-2024-22354, CVE-2023-50313, CVE-2024-25026, CVE-2024-35153, CVE-2024-22329, CVE-2024-38474, CVE-2024-38475, CVE-2024-38477, CVE-2024-24795, CVE-2023-38709, CVE-2024-39573, CVE-2024-40898, CVE-2024-40725, CVE-2024-38472, CVE-2024-38476, CVE-2024-38473 | Multiple vulnerabilities in IBM WebSphere Application Server, IBM WebSphere Application Server Liberty and IBM HTTP Server affect HCL Commerce | WebSphere Application Server, WebSphere Application Server V8.5.5 Liberty, and
IBM HTTP Server included in: HCL Commerce 9.1.0.0 - 9.1.15.0 |
| November 1, 2024 | CVE-2023-22081, CVE-2023-22067, CVE-2023-5676, CVE-2024-20918, CVE-2024-20952, CVE-2024-20921, CVE-2024-20945, CVE-2023-33850, CVE-2024-21011, CVE-2023-38264, CVE-2024-21147, CVE-2024-21140, CVE-2024-21144, CVE-2024-27267 | Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty | IBM Java SDK included in: HCL Commerce 9.1.0.0 - 9.1.15.0 |
| November 1, 2024 | CVE-2024-27268, CVE-2023-50312, CVE-2024-27270 | Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect HCL Commerce | WebSphere Application Server V8.5.5 Liberty included in: HCL Commerce 9.1.0.0 - 9.1.15.0 |
| August 30, 2024 | CVE-2023-6378, CVE-2023-6481, CVE-2024-37890, CVE-2023-46589, CVE-2024-37890, CVE-2024-4067, CVE-2024-4068, CVE-2024-38357, CVE-2024-38356 | Multiple vulnerabilities in open source components affect HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.15.0 |
| May 20, 2024 | CVE-2018-25032, CVE-2002-0059, CVE-2022-37434, CVE-2023-27859, CVE-2023-38003, CVE-2023-38727, CVE-2023-43020, CVE-2023-45178, CVE-2023-47158, CVE-2023-47145, CVE-2023-47701, CVE-2023-47746, CVE-2023-40687, CVE-2023-40692, CVE-2023-47747, CVE-2023-22081, CVE-2023-5676, CVE-2024-20952, CVE-2023-33850, CVE-2023-29258, CVE-2023-46167, CVE-2023-47141, CVE-2023-45193, CVE-2023-45178, CVE-2023-50308, CVE-2023-47152, CVE-2023-38729, CVE-2024-27254, CVE-2012-2677, CVE-2024-25046, CVE-2024-25030, CVE-2024-22360, CVE-2023-52296 | Multiple vulnerabilities in IBM Db2 affect HCL Commerce | IBM Db2 Database |
| May 13, 2024 | CVE-2024-23576 | Potential denial of service and information disclosure vulnerability in HCL Commerce | HCL Commerce 9.1.12.0 and 9.1.13.0 |
| May 1, 2024 | CVE-2023-32342, CVE-2023-27554, CVE-2023-24966, CVE-2022-39161 | Multiple vulnerabilities in IBM WebSphere Application Server and IBM HTTP Server affect HCL Commerce | WebSphere Application Server and IBM HTTP Server included in: HCL Commerce 9.1.0.0 - 9.1.12.0 |
| May 1, 2024 | CVE-2022-40609, CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-35890, CVE-2023-22, CVE-2023-22049045, CVE-2023-22049 | Multiple vulnerabilities in IBM WebSphere Application Server and IBM Java SDK affect HCL Commerce | WebSphere Application Server and IBM Java SDK included in: HCL Commerce 9.1.0.0 - 9.1.13.0 |
| March 6, 2024 | CVE-2023-44487, CVE-2023-46158 | Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect HCL Commerce | WebSphere Application Server V8.5.5 Liberty included in: HCL Commerce 9.1.0.0 - 9.1.14.0 |
| December 14, 2023 | CVE-2023-50164, CVE-2023-41835 | A vulnerability in Apache Struts 2 affects HCL Commerce | Apache Struts 2 included in: HCL Commerce 9.1.0 - 9.1.15.0 |
| December 13, 2023 | CVE-2023-44487, CVE-2023-45648, CVE-2023-42795 | Multiple vulnerabilities in Apache Tomcat affect HCL Commerce | Apache Tomcat included in: HCL Commerce 9.1.12 - 9.1.14 |
| December 13, 2023 | CVE-2023-45818, CVE-2023-48219 | Multiple vulnerabilities in TinyMCE affect HCL Commerce | TinyMCE included in: HCL Commerce 9.1.14.0 - 9.1.14.1 |
| December 13, 2023 | CVE-2023-5072 | A vulnerability in JSON-Java affects HCL Commerce | JSON-Java included in: HCL Commerce 9.1.0.0 - 9.1.14.0 |
| November 27, 2023 | CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160 | Multiple vulnerabilities in jQuery-UI affect HCL Commerce | jQuery included in: HCL Commerce 9.1.0.0 - 9.1.11.0 |
| November 7, 2023 | CVE-2016-3012, CVE-2020-11022, CVE-2012-6708, CVE-2019-11358, CVE-2015-9251, CVE-2020-11023, CVE-2018-1838, CVE-2015-5041 | Multiple vulnerabilities in IBM Security Directory Suite affect HCL Commerce | IBM Security Directory Suite included in: HCL Commerce version 9.1.0.0 - 9.1.18.0 |
| October 23, 2023 | CVE-2023-37532 | A path traversal vulnerability affects HCL Commerce | HCL Commerce 9.1.8.0 - 9.1.13.2 |
| September 19, 2023 | WS-2021-0646 | A vulnerability in Apache Lucene affects HCL Commerce with Elasticsearch | Apache Lucene included in: HCL Commerce 9.1.0.0 - 9.1.13.2 |
| July 20, 2023 | CVE-2023-3446, CVE-2023-2976, WS-2021-0646 | Multiple vulnerabilities in open source libraries affect HCL Commerce with Elasticsearch | HCL Commerce 9.1.0.0 - 9.1.13.1 |
| June 23, 2023 | CVE-2023-24998, CVE-2023-26283 | Multiple vulnerabilities in IBM WebSphere Application Server affect HCL Commerce | WebSphere Application Server included in: HCL Commerce 9.1.0.0 - 9.1.12.0 |
| June 23, 2023 | CVE-2023-30441, CVE-2023-25690 | Multiple vulnerabilities in IBM Java SDK and IBM HTTP Server included with IBM WebSphere Application Server affect HCL Commerce | IBM Java SDK and IBM HTTP Server included in: HCL Commerce 9.1.0.0 - 9.1.12.0 |
| June 5, 2023 | CVE-2023-23477, CVE-2022-22477, CVE-2022-38712, CVE-2022-34336, CVE-2022-40750, CVE-2022-34165, CVE-2022-35282, CVE-2022-22473 | Multiple vulnerabilities in WebSphere Application Server affect HCL Commerce | WebSphere Application Server included in: HCL Commerce 9.1.0.0 - 9.1.11.0 |
| June 5, 2023 | CVE-2022-24839, CVE-2022-22476 | Multiple vulnerabilities in WebSphere Application Server Liberty affect HCL Commerce | WebSphere Application Server V8.5.5 Liberty included in: HCL Commerce 9.1.0.0 - 9.1.11.0 |
| June 5, 2023 | CVE-2022-43680, CVE-2022-37436, CVE-2022-21541, CVE-2021-2163, CVE-2022-21540, CVE-2022-21626, CVE-2017-9233, CVE-2013-0340, CVE-2022-21624 | Multiple vulnerabilities in IBM Java SDK and IBM HTTP Server included with WebSphere Application Server affect HCL Commerce | IBM HTTP Server and WebSphere Application Server included in: HCL Commerce 9.1.0.0 - 9.1.11.0 |
| June 5, 2023 | CVE-2022-34917 | Vulnerabilities in Apache Kafka affect HCL Commerce | Apache Kafka included in: HCL Commerce 9.1.0.0 - 9.1.11.0 |
| April 19, 2023 | CVE-2022-40674, CVE-2022-43680, CVE-2022-43930, CVE-2022-43929, CVE-2022-43927 | Multiple vulnerabilities in IBM Db2 affect HCL Commerce | IBM Db2 Database included in: HCL Commerce 9.1.0.0 - 9.1.11.0 |
| November 28, 2022 | CVE-2022-22389, CVE-2022-35637, CVE-2022-22483, CVE-2022-22390 | Multiple vulnerabilities in IBM Db2 affect HCL Commerce | IBM Db2 Database included in: HCL Commerce 9.1.0.0 - 9.1.11.0 |
| November 2, 2022 | CVE-2022-38656 | HCL Commerce, when using Elasticsearch, could be affected by a denial of service vulnerability | HCL Commerce 9.1.8.0 - 9.1.11.0 |
| September 20, 2022 | CVE-2022-26377, CVE-2022-28615, CVE-2022-28614, CVE-2022-29404, CVE-2022-31813, CVE-2022-30556 | Multiple vulnerabilities in IBM HTTP Server included with WebSphere Application Server affect HCL Commerce | IBM HTTP Server and WebSphere Application Server included in: HCL Commerce 9.1.0.0 - 9.1.10.0 |
| July 29, 2022 | CVE-2021-27785 | HCL Commerce could allow a local attacker - obtain sensitive personal information | HCL Commerce 9.1.0.0 - 9.1.10.0 |
| July 21, 2022 | CVE-2021-31805, CVE-2022-24839, CVE-2022-2950 | Multiple vulnerabilities in open source components affect HCL Commerce | Apache Struts 2, org.cyberneko.html included in: HCL Commerce 9.1.0.0 - 9.1.10.0 |
| July 21, 2022 | CVE-2020-36518 | Jackson-databind vulnerability affects HCL Commerce | jackson-databind included in: HCL Commerce 9.1.0.0 - 9.1.10.0 |
| July 21, 2022 | CVE-2022-22475, CVE-2021-46708, CVE-2022-22393 | Multiple vulnerabilities in WebSphere Application Server Liberty affect HCL Commerce | WebSphere Application Server V8.5.5 Liberty included in: HCL Commerce 9.1.0.0 - 9.1.10.0 |
| July 21, 2022 | CVE-2022-22721, CVE-2022-22720, CVE-2022-22365, CVE-2022-22719 | Multiple vulnerabilities in IBM HTTP Server and WebSphere Application Server affect HCL Commerce | IBM HTTP Server and WebSphere Application Server included in: HCL Commerce 9.1.0.0 - 9.1.10.0 |
| July 5, 2022 | CVE-2022-25315, CVE-2021-35550, CVE-2022-25313, CVE-2022-21340, CVE-2022-25236, CVE-2021-35603, CVE-2022-25235 | Multiple vulnerabilities in IBM Java SDK and IBM HTTP Server included with WebSphere Application Server affect HCL Commerce | IBM Java SDK and IBM HTTP Server included in: HCL Commerce 9.1.0.0 - 9.1.9.0 |
| July 5, 2022 | CVE-2021-39038 | A vulnerability in WebSphere Application Server affects HCL Commerce | WebSphere Application Server included in: HCL Commerce 9.1.0.0 - 9.1.9.0 |
| June 2, 2022 | WS-2021-0616, CVE-2021-22096 | Multiple vulnerabilities in open source components affect HCL Commerce | jackson-databind, Spring Framework included in: HCL Commerce 9.1.0.0 - 9.1.9.0 |
| April 19, 2022 | CVE-2021-41035,CVE-2021-35560, CVE-2021-2388, CVE-2021-35578, CVE-2021-2369, CVE-2021-2432, CVE-2021-2341 | Multiple vulnerabilities in IBM Security Directory Suite affect HCL Commerce | IBM Security Directory Suite included in: HCL Commerce version 9.1 |
| April 19, 2022 | CVE-2022-23307, CVE-2022-23437, CVE-2021-22060 | Multiple vulnerabilities in open source components affect HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.9.0 |
| April 19, 2022 | CVE-2022-0198, CVE-2021-43797, CVE-2022-0235 | Multiple vulnerabilities in open source components affect HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.9.0 |
| April 9, 2022 | CVE-2021-23450, CVE-2022-23990, CVE-2022-23852, CVE-2022-22822, CVE-2022-22823, CVE-2022-22825, CVE-2021-46143, CVE-2022-22824, CVE-2022-22826, CVE-2022-22827, CVE-2021-45960 | Multiple vulnerabilities in IBM HTTP Server and WebSphere Application Server affect HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.9.0 |
| April 5, 2022 | CVE-2021-27751 | HCL Commerce is affected by Insufficient Session Expiration vulnerability | HCL Commerce 9.1.0.0 - 9.1.8.0 |
| April 4, 2022 | CVE-2021-40438, CVE-2021-45046, CVE-2021-4104, CVE-2021-36090, CVE-2021-38951, CVE-2021-34798, CVE-2021-35517, CVE-2021-35578, CVE-2021-35564, CVE-2021-2369, CVE-2021-39275, CVE-2021-29842 | Multiple security vulnerabilities in WebSphere Application Server affect HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.8.0 |
| March 24, 2022 | CVE-2022-23307, CVE-2022-23302, CVE-2022-23305 | Vulnerability in Apache Log4j 1.2 affects HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.9.0 |
| March 24, 2022 | CVE-2021-37136,CVE-2021-37137 | Multiple vulnerabilities in Netty All affect HCL Commerce | HCL Commerce 9.1.1.0 - 9.1.8.0 |
| March 24, 2022 | CVE-2021-3878, CVE-2021-27568, CVE-2021-3869, CVE-2012-0881, CVE-2021-44832, CVE-2021-42550, CVE-2013-4002, CVE-2014-0107, CVE-2009-2625 | Multiple vulnerabilities in open source libraries affect HCL Commerce with Elasticsearch | HCL Commerce 9.1.0.0 - 9.1.8.1 |
| January 20, 2022 | CVE-2021-26272 | Vulnerability in CKeditor affects HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.6.0 |
| January 14, 2022 | CVE-2021-27750 | Session termination vulnerability in HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.6.0 |
| December 16, 2021 | CVE-2021-4104 | Vulnerability in Apache Log4j 1.2 affects HCL Commerce | HCL Commerce version 9.1 |
| December 12, 2021 | CVE-2021-44228,CVE-2021-45046, CVE-2021-45105 | Multiple vulnerabilities in Apache Log4j 2 affect HCL Commerce | HCL Commerce version 9.1.x |
| October 14, 2021 | CVE-2021-29736 | Privilege Escalation vulnerability in WebSphere Application Server affects HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.7.0 |
| October 11, 2021 | CVE-2021-33037 | Vulnerability in Apache Tomcat affects HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.7.0 |
| October 11, 2021 | CVE-2021-36373, CVE-2021-36374 | Multiple vulnerabilities in Apache Ant affect HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.7.0 |
| September 1, 2021 | CVE-2020-5258, CVE-2021-20453, CVE-2021-20454, CVE-2021-26296, CVE-2021-2161, CVE-2015-5262, CVE-2011-1498, CVE-2014-3577, CVE-2012-6153, CVE-2021-29754 | Multiple vulnerabilities in WebSphere Application Server affect HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.6.0 |
| September 1, 2021 | CVE-2021-31811, CVE-2021-31812 | Multiple security vulnerabilities in Apache PDFBox affect HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.6.0 |
| August 11, 2021 | CVE-2021-27807, CVE-2021-27906 | Multiple vulnerabilities in Apache PDFBox affect HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.6.0 |
| August 11, 2021 | CVE-2020-11996, CVE-2020-13934, CVE-2021-25122, CVE-2021-25329, CVE-2021-24122, CVE-2020-1935, CVE-2020-13943 | Multiple vulnerabilities in Apache Tomcat affects HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.6.0 |
| August 11, 2021 | CVE-2020-5016 | A vulnerability in WebSphere Application Server affects HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.6.0 |
| July 19, 2021 | CVE-2021-27741 | XML external entity (XXE) injection vulnerability in HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.5.0 |
| May 11, 2021 | CVE-2020-7021, CVE-2020-28491, CVE-2021-21290 | Multiple vulnerabilities in Jackson Dataformat, Netty Handler and Elastic Search affect HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.5.0 |
| May 11, 2021 | CVE-2021-21290 | Information disclosure vulnerability in Netty All library affects HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.5.0 |
| May 4, 2021 | CVE-2020-14797, CVE-2020-4949, CVE-2021-20353, CVE-2021-20354, CVE-2020-2773, CVE-2020-14782, CVE-2020-27221, CVE-2020-14781 | Multiple vulnerabilities in WebSphere Application Server affects HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.5.0 |
| May 4, 2021 | CVE-2020-4782, CVE-2020-4576 | Multiple vulnerabilities in WebSphere Application Server affects HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.3.0 |
| May 3, 2021 | CVE-2020-17530 | Vulnerability in Apache Struts affects HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.4.0 |
| May 3, 2021 | CVE-2020-25649 | Multiple vulnerabilities in Jackson Databind affects HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.4.0 |
| May 3, 2021 | CVE-2020-15250 | Vulnerability in JUnit4 affects HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.3.0 |
| May 3, 2021 | CVE-2020-9281, CVE-2018-17960 | Cross-site scripting (XSS) vulnerabilities in CKEditor shipped with HCL Commerce | HCL Commerce 9.1.0.0 - 9.1.5.0 |
| January 29, 2021 | WS-2017-0225 | Vulnerability in Swagger UI affects HCL Commerce | HCL Commerce version 9.1 |
| January 19, 2021 | CVE-2020-14275 | Potential denial of service and information disclosure vulnerability in HCL Commerce | HCL Commerce 9.1.0 - 9.1.4 |
| January 19, 2021 | CVE-2020-14274 | Information disclosure vulnerability in HCL Commerce | HCL Commerce 9.1.0 - 9.1.4 |
| November 14, 2020 | CVE-2020-2601, CVE-2020-14621, CVE-2020-14581, CVE-2020-14579, CVE-2020-14578, CVE-2020-14577, CVE-2020-2590 | Security vulnerabilities in IBM® Java SDK included with WebSphere Application Server affect HCL Commerce | IBM® Java SDK included with WebSphere Application Server included in: HCL Commerce 9.1.0 - 9.1.2 |
| November 14, 2020 | CVE-2020-4589, CVE-2020-4643, CVE-2020-4578 | Multiple vulnerabilities in WebSphere Application Server affects HCL Commerce | WebSphere Application Server included in: HCL Commerce 9.1.0 - 9.1.2 |