5.4

CVE-2025-31954

HCL iAutomate is susceptible to a sensitive information disclosure

HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure.  An HTTP GET method is used to process a request and includes sensitive information in the query string of that request.  An attacker could potentially access information or resources they were not intended to see.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HcltechDryice Iautomate Version6.5.1
HcltechDryice Iautomate Version6.5.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.076
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
psirt@hcl.com 5.4 2.8 2.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE-598 Use of HTTP Request With Sensitive Query String

The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0125011
Vendor Advisory