{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-37497","assignerOrgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","state":"PUBLISHED","assignerShortName":"HCL","dateReserved":"2023-07-06T16:11:32.538Z","datePublished":"2023-08-03T21:14:43.014Z","dateUpdated":"2024-10-17T15:00:50.717Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"HCL Unica Platform","vendor":"HCL Software","versions":[{"status":"affected","version":"< 11.1.0.6, <12.1.1"}]}],"datePublic":"2023-08-03T20:30:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.</span><br>"}],"value":"The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"providerMetadata":{"orgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","shortName":"HCL","dateUpdated":"2023-08-03T21:31:09.037Z"},"references":[{"url":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547"}],"source":{"discovery":"UNKNOWN"},"title":"An XML External Entity (XXE) Injection Vulnerability affects HCL Unica Platform ","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T17:16:30.168Z"},"title":"CVE Program Container","references":[{"url":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-17T15:00:30.605579Z","id":"CVE-2023-37497","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-17T15:00:50.717Z"}}]}}