CVE-2023-37497: An XML External Entity (XXE) Injection Vulnerability affects HCL Unica Platform
First published: Thu Aug 03 2023(Updated: )
The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.
Credit: psirt@hcl.com psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltech Unica | <11.1.0.6 | |
| Hcltech Unica | >=12.0<12.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-37497?
CVE-2023-37497 is a vulnerability in the Unica application that allows an authenticated attacker to perform XML External Entity attacks (XXE) by manipulating XML input.
How does CVE-2023-37497 affect the Unica application?
CVE-2023-37497 affects the Unica application by exposing an API that accepts arbitrary XML input, which can be manipulated to perform XXE attacks.
What is the severity of CVE-2023-37497?
CVE-2023-37497 has a severity rating of 8.1 (high).
How can an authenticated attacker exploit CVE-2023-37497?
An authenticated attacker with certain rights can exploit CVE-2023-37497 by manipulating XML input to perform XXE attacks against the backend service.
Is there a fix available for CVE-2023-37497?
Yes, you can refer to the official HCL Tech support article at https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547 for information on how to fix CVE-2023-37497.
- collector/nvd-latest
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/title
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/hcltech
- canonical/hcltech unica
- version/hcltech unica/12.0