HCL Unica Platform Cookie Without HTTPOnly Flag Vulnerability

Vulnerability

A vulnerability exists in HCL Unica Platform versions 25.1 and below, where cookies are set without the HTTPOnly flag. This omission allows malicious agents to potentially manipulate cookie data by directing users to click on harmful links, either directly or through a third-party website.

Impact

Exploitation of this vulnerability could lead to cross-site scripting attacks, where an attacker injects malicious scripts that are executed in the context of the user's browser.

Remediation

To address this vulnerability, the HTTPOnly and Secure flags should be added to the Set-Cookie header. This can be done by modifying the web server configuration file, such as httpd.conf for Apache or the equivalent for IBM HTTP Server.
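Before and after the web server rule is applied, a practitioner wants a repeatable way to confirm that every Set-Cookie header actually carries both attributes. The following is an added example, not code from HCL or from the Unica product: it parses Set-Cookie values the way a browser does (attribute names are case-insensitive), reports which required flags are missing, and shows the guarded rewrite a server rule should perform. The caveat it encodes is that an unconditional append of `; HttpOnly; Secure` to every header duplicates the attributes on cookies that already have them, so the rewrite only adds what is absent (this is the same behaviour an Apache mod_headers `Header edit` rule achieves when its pattern excludes headers that already contain the attribute). The header values below are constructed for the example.

```python
"""
Audit Set-Cookie headers for the HttpOnly and Secure attributes and apply an
idempotent hardening rewrite. Added example; the sample headers are
constructed and do not come from HCL Unica Platform.
"""
import re
from typing import Dict, List, Tuple

# Attributes the remediation requires on every Set-Cookie header.
REQUIRED_ATTRS = ("HttpOnly", "Secure")


def parse_set_cookie(value: str) -> Dict[str, object]:
    """Split a Set-Cookie value into the cookie pair and its attributes.

    Attribute names are lower-cased so matching is case-insensitive, as in
    browsers; flag attributes without a value are stored as True.
    """
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": cookie_value, "attrs": attrs}


def missing_flags(value: str) -> List[str]:
    """Return the required attributes absent from one Set-Cookie value."""
    attrs = parse_set_cookie(value)["attrs"]
    return [a for a in REQUIRED_ATTRS if a.lower() not in attrs]


def audit_response_headers(headers: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each non-compliant cookie name to the flags it lacks.

    'headers' is the full response header list; only Set-Cookie entries are
    inspected, so the function can be fed raw headers from any HTTP client.
    """
    findings: Dict[str, List[str]] = {}
    for hname, hvalue in headers:
        if hname.lower() != "set-cookie":
            continue
        missing = missing_flags(hvalue)
        if missing:
            findings[parse_set_cookie(hvalue)["name"]] = missing
    return findings


def harden_set_cookie(value: str) -> str:
    """Append HttpOnly and Secure only when they are not already present.

    Appending unconditionally would produce duplicate attributes on cookies
    that are already compliant; the check below is case-insensitive so a
    lower-case 'httponly' set by the application is recognised.
    """
    out = value.rstrip("; ")
    for attr in REQUIRED_ATTRS:
        if not re.search(r";\s*" + attr + r"\b", out, flags=re.IGNORECASE):
            out += f"; {attr}"
    return out


# Constructed sample response headers (not real Unica output).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "JSESSIONID=CONSTRUCTED1; Path=/"),              # both missing
    ("Set-Cookie", "pref=dark; Path=/; Secure"),                    # HttpOnly missing
    ("Set-Cookie", "csrf=CONSTRUCTED2; Path=/; HttpOnly; Secure"),  # compliant
]


if __name__ == "__main__":
    for cookie, flags in audit_response_headers(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(flags)}")
    for _, hvalue in SAMPLE_HEADERS[1:]:
        print("hardened:", harden_set_cookie(hvalue))
```

Running the audit against a live deployment only requires replacing SAMPLE_HEADERS with the header list returned by an HTTP client; a cookie that still appears in the findings after the server rule is in place means the rule is not matching that header (for example because it is emitted on a path or virtual host the rule does not cover).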

Added: Oct 12, 2025, 8:17 AM
Updated: Oct 12, 2025, 8:17 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 6.4
remediation: 0.0
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.