Vulnerabilities > CVE-2023-37497 - XXE vulnerability in Hcltech Unica

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

hcltech

CWE-611

NVD

Published: 2023-08-03

Updated: 2023-08-08

Summary

The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.

Vulnerable Configurations

Part	Description	Count
Application	Hcltech Hcltech Unica - Hcltech Unica *	2

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547