{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-31997","assignerOrgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","state":"PUBLISHED","assignerShortName":"HCL","dateReserved":"2025-04-01T18:46:35.961Z","datePublished":"2025-10-12T02:27:25.913Z","dateUpdated":"2025-10-14T14:53:48.041Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Unica Centralized Offer Management","vendor":"HCL Software","versions":[{"status":"affected","version":"<=25.1"}]}],"datePublic":"2025-10-12T02:16:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR).  An attacker can bypass authorization and access resources in the system directly, for example database records or files. <br></p>"}],"value":"HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR).  An attacker can bypass authorization and access resources in the system directly, for example database records or files."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.2,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-639","description":"CWE-639 Authorization Bypass Through User-Controlled Key","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","shortName":"HCL","dateUpdated":"2025-10-12T02:27:25.913Z"},"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124422"}],"source":{"discovery":"UNKNOWN"},"title":"HCL Unica Centralized Offer Management is vulnerable \nto Insecure Direct Object References (IDOR)","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-14T14:31:38.423358Z","id":"CVE-2025-31997","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-14T14:53:48.041Z"}}]}}