Description
HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as cross-site scripting and clickjacking.
CVSS Metrics
- Vector
- CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L
- Attack Vector
- adjacent network
- Complexity
- high
- Privileges
- high
- User Action
- none
- Scope
- changed
- Confidentiality
- low
- Integrity
- none
- Availability
- low
- Weaknesses
- CWE-358
Metadata
- Primary Vendor
- HCLTECH
- Published
- 10/12/2025
- Last Modified
- 10/20/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
hcltech : unica
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.