HCL Unica Platform is vulnerable to a privilege escalation by unauthorized group assignation
CVE-2023-37498

8.1HIGH

Key Information:

Vendor

Hcl Software
Status
Hcl Unica Platform
Vendor
CVE Published:
3 August 2023

What is CVE-2023-37498?

A weakness exists in HCL Software products that permits users to elevate their privileges by leveraging a POST request initially intended for administrative use. By reusing this request, malicious actors could assign themselves to unauthorized groups, potentially compromising system integrity and access controls.

Affected Version(s)

HCL Unica Platform <12.1.1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.