CVE-2025-31997

MEDIUM

Hcltech Unica Centralized Offer Management < 25.1.0.1 - IDOR

Title source: rule

Description

HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database records or files.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124422

Scores

CVSS v3 4.2

EPSS 0.0003

EPSS Percentile 8.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (1)

hcltech/unica_centralized_offer_management < 25.1.0.1

Published Oct 12, 2025

Tracked Since Feb 18, 2026