Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-37497

The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.

Published

2023-08-03T22:15:12.257

Last Modified

2024-11-21T08:11:50.057

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hcltech	unica	< 11.1.0.6	Yes
Application	hcltech	unica	< 12.1.1	Yes

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547 Vendor Advisory ([email protected])
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)