{"id":71473,"date":"2025-10-12T06:45:34","date_gmt":"2025-10-12T03:15:34","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-31997-hcl-unica-centralized-offer-management-is-vulnerable-to-insecure-direct-object-references-idor\/"},"modified":"2025-10-12T06:45:34","modified_gmt":"2025-10-12T03:15:34","slug":"cve-2025-31997-hcl-unica-centralized-offer-management-is-vulnerable-to-insecure-direct-object-references-idor","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-31997-hcl-unica-centralized-offer-management-is-vulnerable-to-insecure-direct-object-references-idor\/","title":{"rendered":"CVE-2025-31997 &#8211; HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR)"},"content":{"rendered":"<p>CVE ID : CVE-2025-31997<\/p>\n<p>Published :  Oct. 12, 2025, 3:15 a.m. | 1\u00a0hour, 23\u00a0minutes ago<\/p>\n<p>Description : HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR).  An attacker can bypass authorization and access resources in the system directly, for example database records or files.<\/p>\n<p>Severity: 4.2 | MEDIUM<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-31997 Published : Oct. 12, 2025, 3:15 a.m. | 1\u00a0hour, 23\u00a0minutes ago Description : HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database records or files. Severity: 4.2 | MEDIUM Visit the link &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-71473","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/71473","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=71473"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/71473\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=71473"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=71473"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=71473"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}