Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-31993— HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF)

CVSS 3.5 · Low EPSS 0.04% · P14
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-31993

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Description
HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF). An attacker can exploit improper input validation by submitting maliciously crafted input to a target application running on a server.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
HCL Unica Centralized Offer Management 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HCL Unica Centralized Offer Management是印度HCL公司的一个负责优惠的统一管理和分发的模块。 HCL Unica Centralized Offer Management存在安全漏洞,该漏洞源于输入验证不当,可能导致服务端请求伪造攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
HCL SoftwareUnica Centralized Offer Management <=25.1 -

II. Public POCs for CVE-2025-31993

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-31993

登录查看更多情报信息。

Same Patch Batch · HCL Software · 2025-10-12 · 8 CVEs total

CVE-2025-526165.3 MEDIUMHCL Unica 12.1.10 is affected by an exposure of sensitive information
CVE-2025-319924.6 MEDIUMHCL MaxAI Assistant is susceptible to a HTML injection vulnerability
CVE-2025-319974.2 MEDIUMHCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References
CVE-2025-319694.0 MEDIUMHCL Unica Platform is impacted by misconfigured Content Security Policy (CSP)
CVE-2025-526153.5 LOWHCL Unica Platform is impacted by misconfigured security related HTTP headers
CVE-2025-526143.5 LOWHCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability
CVE-2025-319983.5 LOWHCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which ex

IV. Related Vulnerabilities

Same product: Unica Centralized Offer Management
Same vendor: HCL Software
Same weakness: CWE-918

V. Comments for CVE-2025-31993

No comments yet

Leave a comment