iAutomate
by HCL Software
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-31954 | 0.00 | — | 0.00 | Nov 5, 2025 | HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see. | |||
| CVE-2025-31952 | 0.00 | — | 0.00 | Jul 24, 2025 | HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access. | |||
| CVE-2025-31955 | 0.00 | — | 0.00 | Jul 24, 2025 | HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system. | |||
| CVE-2025-31953 | 0.00 | — | 0.00 | Jul 24, 2025 | HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties. |
- CVE-2025-31954Nov 5, 2025risk 0.00cvss —epss 0.00
HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see.
- CVE-2025-31952Jul 24, 2025risk 0.00cvss —epss 0.00
HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access.
- CVE-2025-31955Jul 24, 2025risk 0.00cvss —epss 0.00
HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system.
- CVE-2025-31953Jul 24, 2025risk 0.00cvss —epss 0.00
HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties.