CVE-2025-31954
- EPSS 0.04%
- Veröffentlicht 05.11.2025 18:23:21
- Zuletzt bearbeitet 07.11.2025 18:05:06
HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access infor...
CVE-2025-31952
- EPSS 0.09%
- Veröffentlicht 24.07.2025 21:15:28
- Zuletzt bearbeitet 10.10.2025 16:36:10
HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access.
CVE-2025-31953
- EPSS 0.05%
- Veröffentlicht 24.07.2025 21:15:28
- Zuletzt bearbeitet 10.10.2025 16:35:39
HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties.
CVE-2025-31955
- EPSS 0.07%
- Veröffentlicht 24.07.2025 21:15:28
- Zuletzt bearbeitet 10.10.2025 16:35:21
HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system.
- EPSS 0.15%
- Veröffentlicht 05.02.2025 16:15:40
- Zuletzt bearbeitet 10.10.2025 16:27:44
HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim's session ID from their authenticated session.
CVE-2023-23347
- EPSS 0.04%
- Veröffentlicht 09.08.2023 20:15:09
- Zuletzt bearbeitet 21.11.2024 07:46:01
HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.