CVE-2023-37497 — HIGH (8.1)

Q: How severe is CVE-2023-37497?

CVE-2023-37497 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-37497?

Check the references section above for vendor advisories and patch information. Affected products include: Hcltech Unica.

Vulnerability Description

The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hcltech	Unica	< 11.1.0.6

Related Weaknesses (CWE)

CWE-611

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547Vendor Advisory

FAQ

What is CVE-2023-37497?

CVE-2023-37497 is a vulnerability with a CVSS score of 8.1 (HIGH). The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attack...

How severe is CVE-2023-37497?

CVE-2023-37497 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-37497?

Check the references section above for vendor advisories and patch information. Affected products include: Hcltech Unica.