Hcltech Unica
By the Year
In 2024 there have been 0 vulnerabilities in Hcltech Unica . Last year Unica had 5 security vulnerabilities published. Right now, Unica is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 5 | 7.18 |
| 2022 | 1 | 7.50 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Unica vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Hcltech Unica Security Vulnerabilities
A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign
CVE-2023-37501
6.1 - Medium
- August 03, 2023
A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks.
XSS
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform
CVE-2023-37500
6.1 - Medium
- August 03, 2023
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks.
XSS
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform
CVE-2023-37499
6.1 - Medium
- August 03, 2023
A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks.
XSS
A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator
CVE-2023-37498
8.8 - High
- August 03, 2023
A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges.
The Unica application exposes an API which accepts arbitrary XML input
CVE-2023-37497
8.8 - High
- August 03, 2023
The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.
XXE
XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation
CVE-2021-27777
7.5 - High
- May 12, 2022
XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references.
XXE
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Hcltech Unica or by Hcltech? Click the Watch button to subscribe.
