Home

Description

HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database records or files.

PUBLISHED Reserved 2025-04-01 | Published 2025-10-12 | Updated 2025-10-12 | Assigner HCL




MEDIUM: 4.2CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

Problem types

CWE-639 Authorization Bypass Through User-Controlled Key

Product status

Default status
unaffected

<=25.1
affected

References

support.hcl-software.com/...rticle&sysparm_article=KB0124422

cve.org (CVE-2025-31997)

nvd.nist.gov (CVE-2025-31997)

Download JSON