CVE-2025-62319 PUBLISHED

Boolean-Based SQL Injection in Multiple Unica Components

Assigner: HCL
Reserved: 10.10.2025 Published: 16.03.2026 Updated: 16.03.2026

Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the injected condition evaluates to true or false. This allows an attacker to inject arbitrary SQL into backend configuration queries executed within the application.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	HCL
Product	Unica
Versions	Default: unaffected Version Version 25.1.1 and below is affected

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410

Problem Types

CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection') CWE