Unica Centralised Offer Management
by HCLTech
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-62320 | Med | 0.31 | 4.7 | 0.00 | Mar 17, 2026 | HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically… | ||
| CVE-2025-31998 | 0.00 | — | 0.00 | Oct 12, 2025 | HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sensitive information. An attacker can exploit use this information to exploit known vulnerabilities launch targeted attacks, such as remote code execution or denial of service. | |||
| CVE-2025-31997 | 0.00 | — | 0.00 | Oct 12, 2025 | HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database records or files. | |||
| CVE-2025-31993 | 0.00 | — | 0.00 | Oct 12, 2025 | HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF). An attacker can exploit improper input validation by submitting maliciously crafted input to a target application running on a server. |
- risk 0.31cvss 4.7epss 0.00
HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically…
- CVE-2025-31998Oct 12, 2025risk 0.00cvss —epss 0.00
HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sensitive information. An attacker can exploit use this information to exploit known vulnerabilities launch targeted attacks, such as remote code execution or denial of service.
- CVE-2025-31997Oct 12, 2025risk 0.00cvss —epss 0.00
HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database records or files.
- CVE-2025-31993Oct 12, 2025risk 0.00cvss —epss 0.00
HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF). An attacker can exploit improper input validation by submitting maliciously crafted input to a target application running on a server.