{"api_version":"1","generated_at":"2026-04-23T07:56:02+00:00","cve":"CVE-2023-37497","urls":{"html":"https://cve.report/CVE-2023-37497","api":"https://cve.report/api/cve/CVE-2023-37497.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-37497","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-37497"},"summary":{"title":"CVE-2023-37497","description":"The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.","state":"PUBLIC","assigner":"psirt@hcl.com","published_at":"2023-08-03 22:15:00","updated_at":"2023-08-08 14:49:00"},"problem_types":["CWE-611"],"metrics":[],"references":[{"url":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547","name":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547","refsource":"MISC","tags":[],"title":"Security Bulletin: An XML External Entity (XXE) Injection Vulnerability affects HCL Unica Platform (CVE-2023-37497) - Customer Support","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-37497","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37497","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"37497","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hcltech","cpe5":"unica","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-37497","ASSIGNER":"psirt@hcl.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"HCL Software","product":{"product_data":[{"product_name":"HCL Unica Platform","version":{"version_data":[{"version_affected":"=","version_value":"< 11.1.0.6, <12.1.1"}]}}]}}]}},"references":{"reference_data":[{"url":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547","refsource":"MISC","name":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-08-03 22:15:00","lastModifiedDate":"2023-08-08 14:49:00","problem_types":["CWE-611"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hcltech:unica:*:*:*:*:*:*:*:*","versionEndExcluding":"11.1.0.6","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hcltech:unica:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0","versionEndExcluding":"12.1.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}