The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.
References
Link | Resource |
---|---|
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 14:49
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-611 | |
References | (MISC) https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547 - Vendor Advisory | |
CPE | cpe:2.3:a:hcltech:unica:*:*:*:*:*:*:*:* | |
First Time |
Hcltech unica
Hcltech |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
03 Aug 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-03 22:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-37497
Mitre link : CVE-2023-37497
CVE.ORG link : CVE-2023-37497
JSON object : View
Products Affected
hcltech
- unica
CWE
CWE-611
Improper Restriction of XML External Entity Reference