{"cve":{"cve_id":"CVE-2023-37497","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00443,"epss_percentile":0.35268,"epss_as_of":"2026-06-23","description":"The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.\n","published_at":"2023-08-03T21:14:43.014000Z","last_modified_at":null,"cvss_v3_score":8.1,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":null,"nvd_references":["https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:33:59.170901Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"hcl-software","vendor_name":"HCL Software","product_slug":"hcl-unica-platform","product_name":"HCL Unica Platform","version_start":"< 11.1.0.6, <12.1.1","version_start_inclusive":true,"version_end":"< 11.1.0.6, <12.1.1","version_end_inclusive":true,"cpe23_uri":"cve5:hcl-software:hcl-unica-platform:< 11.1.0.6, <12.1.1:< 11.1.0.6, <12.1.1"}],"exploit_refs":[],"news":[],"references":[{"url":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106547","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2023-08-03T21:14:43.014000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:29:14.965056Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:29:14.965056Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:29:14.965056Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:33:59.170901Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:33:59.170901Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:33:59.170901Z","label":"SSVC decision revised","source":"vulnrichment"}]}