← back
CVE-2025-31997

HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR)

CVSS 4.2 MEDIUMEPSS 0.2%CWE-639
HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database records or files.
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Affected products
HCL Software · Unica Centralized Offer Management

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124422