The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.
References
Link | Resource |
---|---|
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547 | Vendor Advisory |
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:11
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
08 Aug 2023, 14:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:hcltech:unica:*:*:*:*:*:*:*:* | |
CWE | CWE-611 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Hcltech unica
Hcltech |
|
References | (MISC) https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547 - Vendor Advisory |
03 Aug 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-03 22:15
Updated : 2024-11-21 08:11
NVD link : CVE-2023-37497
Mitre link : CVE-2023-37497
CVE.ORG link : CVE-2023-37497
JSON object : View
Products Affected
hcltech
- unica
CWE
CWE-611
Improper Restriction of XML External Entity Reference