CVE-2025-31966

EPSS 0.07%
Veröffentlicht 17.03.2026 11:29:21
Zuletzt bearbeitet 31.03.2026 21:06:04
Quelle psirt@hcl.com
CVE-Watchlists
Login
Unerledigt
Login

Boolean-Based SQL Injection in Multiple Unica Components

HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker can bypass these restrictions by sending manipulated HTTP requests directly to the server.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Sametime SwPlatform- Version < 12.0.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.221

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@hcl.com	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124722

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-31966

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-31966

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-31966

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-31966