VYPR
Unrated severityNVD Advisory· Published Aug 3, 2023· Updated Oct 17, 2024

An XML External Entity (XXE) Injection Vulnerability affects HCL Unica Platform

CVE-2023-37497

Description

The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.