CVE-2025-62319
Boolean-Based SQL Injection in Multiple Unica Components
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the injected condition evaluates to true or false. This allows an attacker to inject arbitrary SQL into backend configuration queries executed within the application.
| CWE | CWE-89 |
| Vendor | hcl |
| Product | unica |
| Published | Mar 16, 2026 |
| Last Updated | Mar 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for hcl unica
Be the first to know when new critical vulnerabilities affecting hcl unica are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
HCL / Unica
Version 25.1.1 and below