CVE-2025-31954
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-05
Last updated on: 2025-11-07
Assigner: HCL Software
Description
Description
HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hcltech | dryice_iautomate | 6.5.1 |
| hcltech | dryice_iautomate | 6.5.2 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-598 | The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in HCL iAutomate versions 6.5.1 and 6.5.2 involves sensitive information being exposed because the application uses an HTTP GET method that includes sensitive data in the query string. This means an attacker could potentially see information or access resources they should not be able to.
How can this vulnerability impact me? :
The vulnerability could allow an attacker to access sensitive information or resources that they are not authorized to see, potentially leading to information disclosure and unauthorized access.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70