HCL Unica Centralized Offer Management Server-Side Request Forgery Vulnerability

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability has been identified in HCL Unica Centralized Offer Management versions 25.1 and lower. The vulnerability arises from improper input validation: an attacker can send maliciously crafted input that could be used to manipulate the requests the server makes.

Impact

Exploitation of this vulnerability could lead to unauthorized server-side request manipulation, potentially allowing attackers to access internal resources or services that are not normally exposed.

Remediation

Users are advised to upgrade to HCL Unica Centralized Offer Management version 25.1.0.1, available from the My HCLSoftware Portal.

Added: Oct 12, 2025, 3:16 AM
Updated: Oct 12, 2025, 3:16 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.8
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.