iAutomate
by HCL Software
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-31955 | | High | 0.49 | 7.6 | 0.00 | | Jul 24, 2025 | HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system. |
| CVE-2025-31953 | | High | 0.46 | 7.1 | 0.00 | | Jul 24, 2025 | HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties. |
| CVE-2025-31952 | | High | 0.46 | 7.1 | 0.00 | | Jul 24, 2025 | HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access. |
| CVE-2023-23347 | | Medium | 0.42 | 6.4 | 0.00 | | Aug 9, 2023 | HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. |
| CVE-2024-42207 | | Medium | 0.36 | 5.5 | 0.00 | | Feb 5, 2025 | HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim's session ID from their authenticated session. |
| CVE-2025-31954 | | | 0.00 | — | 0.00 | | Nov 5, 2025 | HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were… |