HCL Unica CSV Formula Injection Vulnerability

Vulnerability

A CSV formula injection vulnerability exists in HCL Technologies Unica version 12.0.0. This vulnerability allows for the manipulation of CSV files by injecting malicious formulas, which could be executed when the file is opened in a spreadsheet application.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution in the context of the user opening the manipulated CSV file.

Added: Nov 28, 2025, 3:18 PM

Updated: Nov 28, 2025, 4:17 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.6

exploitability

6.0

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.6

exploitability

6.0

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HCL Unica CSV Formula Injection Vulnerability

Vulnerability

Impact

Affected Products

HCL Technologies Ltd. Unica

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating