Insecure Direct Object References in HCL Unica Centralized Offer Management
CVE-2025-31997
4.2MEDIUM
What is CVE-2025-31997?
HCL Unica Centralized Offer Management is susceptible to Insecure Direct Object References (IDOR), permitting attackers to circumvent authorization mechanisms and directly access system resources. This may include sensitive database records and files, potentially leading to unauthorized data exposure.
Affected Version(s)
Unica Centralized Offer Management <=25.1
References
CVSS V3.1
Score:
4.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved