7.1
CVE-2025-31952
- EPSS 0.12%
- Veröffentlicht 24.07.2025 21:15:28
- Zuletzt bearbeitet 10.10.2025 16:36:10
- Quelle psirt@hcl.com
- CVE-Watchlists
- Unerledigt
LoginHCL iAutomate is affected by an insufficient session expiration
HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hcltech ≫ Dryice Iautomate Version6.5.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.302 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@hcl.com | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."