VYPR

Unica

by HCL Software

CVEs (5)

  • CVE-2025-62319 | Critical | Mar 16, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently…

  • CVE-2023-37497 | High | Aug 3, 2023
    risk 0.53 | cvss 8.1 | epss 0.00

    The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.

  • CVE-2021-27777 | High | May 12, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user-supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references.

  • CVE-2025-51733 | Nov 28, 2025
    risk 0.00 | cvss (none listed) | epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.

  • CVE-2025-52616 | Oct 12, 2025
    risk 0.00 | cvss (none listed) | epss 0.00

    HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application.