Description
HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database records or files.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
- Attack Vector
- network
- Complexity
- high
- Privileges
- high
- User Action
- required
- Scope
- unchanged
- Confidentiality
- high
- Integrity
- none
- Availability
- none
- Weaknesses
- CWE-639
Metadata
- Primary Vendor
- HCLTECH
- Published
- 10/12/2025
- Last Modified
- 10/29/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
hcltech : unica_centralized_offer_management
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.