HCL Unica
By the Year
In 2026 there has been 1 vulnerability in HCL Unica, with an average score of 9.8 out of ten. Last year, in 2025, Unica had 12 security vulnerabilities published. Right now, Unica is on track to have fewer security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 5.07.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 9.80 |
| 2025 | 12 | 4.73 |
It may take a day or so for new Unica vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent HCL Unica Security Vulnerabilities
HCL Boolean-Based SQL Injection in Configuration Queries
CVE-2025-62319
9.8 - Critical
- March 16, 2026
Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the injected condition evaluates to true or false. This allows an attacker to inject arbitrary SQL into backend configuration queries executed within the application.
SQL Injection
File Upload Vulnerability in HCL Unica 12.0.0
CVE-2025-51736
6.3 - Medium
- November 28, 2025
File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.
Unrestricted File Upload
CSV Formula Injection in HCL Unica 12.0.0
CVE-2025-51735
7.5 - High
- November 28, 2025
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.
CSV Injection
XSS in HCL Unica 12.0.0 (UI)
CVE-2025-51734
5.4 - Medium
- November 28, 2025
Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
XSS
HCL Unica 12.0.0 CSRF Vulnerability
CVE-2025-51733
5.5 - Medium
- November 28, 2025
Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
Session Riding
HCL Unica Platform: HTTP Header Misconfig
CVE-2025-52615
3.5 - Low
- October 12, 2025
HCL Unica Platform is impacted by misconfigured security related HTTP headers. This can lead to less secure browser default treatment for the policies controlled by these headers.
Protection Mechanism Failure
HCL Unica: Cookie without HTTPOnly flag (CVE-2025-52614)
CVE-2025-52614
3.5 - Low
- October 12, 2025
HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding a user suitable links, either directly or via another web site.
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
HCL Unica: CSP Misconfig Enables XSS/Clickjacking Attacks
CVE-2025-31969
4 - Medium
- October 12, 2025
HCL Unica Platform is impacted by a misconfigured Content Security Policy (CSP). This can result in malicious resources being loaded and can expose browsers to certain types of attacks, such as cross-site scripting and clickjacking.
Improperly Implemented Security Check for Standard
HCL Unica MaxAI Assistant Susceptible to ClientSide HTML Injection
CVE-2025-31992
4.6 - Medium
- October 12, 2025
HCL Unica MaxAI Assistant is susceptible to an HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session.
Basic XSS
HCL Unica 12.1.10 sys info disclosure vuln
CVE-2025-52616
5.3 - Medium
- October 12, 2025
HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
HCL Unica Centralized Offer Mgmt Exception Leaks Sensitive Data
CVE-2025-31998
3.5 - Low
- October 12, 2025
HCL Unica Centralized Offer Management is vulnerable to poorly handled exceptions, which expose sensitive information. An attacker can use this information to exploit known vulnerabilities and launch targeted attacks, such as remote code execution or denial of service.
Improper Check or Handling of Exceptional Conditions
HCL Unica Centralized Offer Management IDOR Vulnerability
CVE-2025-31997
4.2 - Medium
- October 12, 2025
HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database records or files.
Insecure Direct Object Reference / IDOR
HCL Unica Offer Mgmt SSRF via Input Validation
CVE-2025-31993
3.5 - Low
- October 12, 2025
HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF). An attacker can exploit improper input validation by submitting maliciously crafted input to a target application running on a server.
SSRF