HCL Unica Platform is vulnerable to a privilege escalation by unauthorized group assignation
CVE-2023-37498

8.1 HIGH

Key Information:

Vendor
CVE Published: 3 August 2023

Summary

A weakness exists in HCL Software products that permits users to elevate their privileges by leveraging a POST request initially intended for administrative use. By reusing this request, malicious actors could assign themselves to unauthorized groups, potentially compromising system integrity and access controls.

Affected Version(s)

HCL Unica Platform <12.1.1

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
