Unrated severityNVD Advisory· Published Aug 3, 2023· Updated Oct 17, 2024
An XML External Entity (XXE) Injection Vulnerability affects HCL Unica Platform
CVE-2023-37497
Description
The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.
Affected products
2- Range: < 11.1.0.6, <12.1.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.