{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-31998","assignerOrgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","state":"PUBLISHED","assignerShortName":"HCL","dateReserved":"2025-04-01T18:46:35.961Z","datePublished":"2025-10-12T02:41:16.694Z","dateUpdated":"2025-10-17T14:37:29.930Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Unica Centralized Offer Management","vendor":"HCL Software","versions":[{"status":"affected","version":"<=25.1"}]}],"datePublic":"2025-10-12T02:16:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sensitive information.  An attacker can exploit use this information to exploit known vulnerabilities launch targeted attacks, such as remote code execution or denial of service."}],"value":"HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sensitive information.  An attacker can exploit use this information to exploit known vulnerabilities launch targeted attacks, such as remote code execution or denial of service."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":3.5,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-703","description":"CWE-703 Improper Check or Handling of Exceptional Conditions","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-209","description":"CWE-209 Generation of Error Message Containing Sensitive Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"1e47fe04-f25f-42fa-b674-36de2c5e3cfc","shortName":"HCL","dateUpdated":"2025-10-12T02:41:16.694Z"},"references":[{"url":"https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124422"}],"source":{"discovery":"UNKNOWN"},"title":"HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sensitive information","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-17T14:37:23.317315Z","id":"CVE-2025-31998","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-17T14:37:29.930Z"}}]}}