HCL Unica Centralized Offer Management is vulnerable to Insecure Direct...

4.2 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

Description

HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database records or files.

Basic Information

ID CVE-2025-31997

Source HCL

Published Oct 12, 2025 at 02:27

Affected Product

Vendor HCL Software

Product Unica Centralized Offer Management

Version <=25.1

Affected Versions HCL Software Unica Centralized Offer Management <=25.1

CWE Classification

CWE-639

References

support.hcl-software.com /csm

{
    "lastseen": "",
    "description": "HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR).  An attacker can bypass authorization and access resources in the system directly, for example database records or files.",
    "published": "2025-10-12T02:27:25.913Z",
    "modified": "2025-10-12T02:27:25.913Z",
    "type": "cve",
    "title": "HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR)",
    "source": "HCL",
    "references": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124422",
    "id": "CVE-2025-31997",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "HCL Software Unica Centralized Offer Management <=25.1",
    "sourceHref": "",
    "cvss": {
        "score": 4.2,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Unica Centralized Offer Management",
    "version": "<=25.1",
    "vendor": "HCL Software",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR)_CVE-2025-31997