5.4
CVE-2025-31954
- EPSS 0.18%
- Veröffentlicht 05.11.2025 18:23:21
- Zuletzt bearbeitet 07.11.2025 18:05:06
- Quelle psirt@hcl.com
- CVE-Watchlists
- Unerledigt
HCL iAutomate is susceptible to a sensitive information disclosure
HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hcltech ≫ Dryice Iautomate Version6.5.1
Hcltech ≫ Dryice Iautomate Version6.5.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.076 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| psirt@hcl.com | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
CWE-598 Use of HTTP Request With Sensitive Query String
The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string.
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0125011