HCL iAutomate Insufficient Session Expiration Vulnerability Allowing Unauthorized Access
Vulnerability
A vulnerability exists in HCL iAutomate version 6.5.1 due to insufficient session expiration, allowing tokens to remain valid indefinitely unless manually revoked. This flaw increases the risk of unauthorized access.
Impact
Exploitation of this vulnerability could lead to unauthorized access, as valid tokens can be used to gain access to the system indefinitely.
Remediation
Users can upgrade to HCL iAutomate version 6.5.2, which addresses this vulnerability. Assistance with the upgrade process is available from the HCL iAutomate support team.
Added: Jul 24, 2025, 9:26 PM
Updated: Jul 24, 2025, 9:26 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
