Description
Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the injected condition evaluates to true or false. This allows an attacker to inject arbitrary SQL into backend configuration queries executed within the application.
Published: 2026-03-16
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: SQL injection allowing unauthorized data access and potential modification
Action: Immediate Patch
AI Analysis

Impact

Boolean-based SQL injection is a blind technique that manipulates SQL queries by inserting Boolean conditions. When such a condition evaluates to true or false, the application behaves differently, enabling an attacker to execute arbitrary SQL against the backend without receiving error messages. This vulnerability can lead to unauthorized data disclosure and possible modification, compromising confidentiality and integrity of the system. The weakness is classified as CWE‑89.

Affected Systems

The affected vendor is HCL and the affected product is Unica; the vulnerability spans multiple Unica components. No specific product version information is included in the CVE data, so administrators must consult the vendor reference for details on which releases are impacted.

Risk and Exploitability

The CVSS score of 9.8 indicates a very high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is via externally accessible application input fields. Exploitation requires the attacker to supply crafted input; if successful, the attacker can extract or alter data.

Generated by OpenCVE AI on March 17, 2026 at 11:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch or upgrade to a release that fixes CVE-2025-62319.
  • If a patch is not yet available, restrict external access to the affected Unica components and monitor application logs for suspicious queries.
  • Consider deploying a web application firewall or other input‑validation controls to block malicious SQL injection attempts.

Generated by OpenCVE AI on March 17, 2026 at 11:52 UTC.
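As an added illustration of the input-validation control named in the last recommended action (this is example code, not code from OpenCVE, HCL or the Unica product, whose queries are not shown on this page), the Python block below contrasts a configuration lookup that splices user input into the SQL text with one that binds it as a parameter. It also includes a small differential check a defender can keep in a regression suite: the same input with an always-true and an always-false condition appended must produce the same answer, otherwise the lookup is leaking the truth value of injected SQL, which is exactly the Boolean-based blind pattern described above. The table, column names and inputs are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory table standing in for a configuration lookup.
    Table name, columns and rows are constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE config (name TEXT PRIMARY KEY, value TEXT)")
    conn.executemany(
        "INSERT INTO config VALUES (?, ?)",
        [("theme", "dark"), ("locale", "en_US")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable pattern (CWE-89): the input is concatenated into the SQL text,
    so quotes and Boolean operators inside it change the query's logic."""
    sql = "SELECT value FROM config WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Hardened pattern: the input travels as a bound parameter and is compared
    as an opaque string value, never parsed as SQL."""
    sql = "SELECT value FROM config WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def responds_differently(lookup, conn: sqlite3.Connection, base: str) -> bool:
    """Differential regression check. Append a condition that is always true and
    one that is always false to the same base input. A correctly parameterized
    lookup treats both as literal (non-matching) names and answers identically;
    a vulnerable lookup answers differently, which is the observable that
    Boolean-based blind injection relies on."""
    always_true = base + "' AND '1'='1"
    always_false = base + "' AND '1'='2"
    return lookup(conn, always_true) != lookup(conn, always_false)


if __name__ == "__main__":
    db = make_db()
    print("normal lookup (parameterized):", lookup_parameterized(db, "theme"))
    print("vulnerable lookup leaks injected condition:",
          responds_differently(lookup_vulnerable, db, "theme"))
    print("parameterized lookup leaks injected condition:",
          responds_differently(lookup_parameterized, db, "theme"))
```

The check is deliberately independent of error messages: it compares only the rows returned, because a blind injection of this class gives the attacker no error text to work with, and a lookup that passes it in a test suite is one that would also pass in the application-log monitoring the recommended actions call for.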

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 13:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 17 Mar 2026 10:00:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Hcltech; Hcltech unica
Vendors & Products  |                | Hcltech; Hcltech unica

Mon, 16 Mar 2026 15:45:00 +0000

Type        | Values Removed | Values Added
Description |                | Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the injected condition evaluates to true or false. This allows an attacker to inject arbitrary SQL into backend configuration queries executed within the application.
Title       |                | Boolean-Based SQL Injection in Multiple Unica Components
Weaknesses  |                | CWE-89
References  |                |
Metrics     |                | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-17T12:53:56.374Z

Reserved: 2025-10-10T09:04:19.898Z

Link: CVE-2025-62319

Vulnrichment

Updated: 2026-03-16T15:58:49.650Z

NVD

Status: Awaiting Analysis

Published: 2026-03-16T16:16:13.167

Modified: 2026-03-17T14:20:01.670

Link: CVE-2025-62319

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:50:20Z

Weaknesses