HCL iAutomate Sensitive Information Disclosure Vulnerability

Vulnerability

A sensitive information disclosure vulnerability has been identified in HCL iAutomate versions 6.5.1 and 6.5.2. This issue arises because the application processes requests using the HTTP GET method, which can inadvertently expose sensitive information in the query string. As a result, an attacker might access information or resources that should have remained confidential.
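Because request URLs, including their query strings, are routinely written to web server access logs, one way to check for this class of exposure is to audit those logs. The script below is an added example, not part of the advisory and not HCL code: it flags GET requests carrying secret-looking query parameters and rewrites the affected lines with the values redacted. The parameter names and log lines are constructed assumptions, since the advisory does not name the affected parameters.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumed parameter names that commonly carry secrets; the advisory does not
# name the affected parameters, so adjust this set to your deployment.
SENSITIVE_KEYS = {"password", "passwd", "token", "access_token", "apikey",
                  "api_key", "secret", "sessionid", "session_id"}

# Request portion of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Nov/2025:19:25:00 +0000] "GET /app/login?user=alice&password=Hunter2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [05/Nov/2025:19:25:02 +0000] "GET /app/status?verbose=1 HTTP/1.1" 200 128',
    '192.0.2.12 - - [05/Nov/2025:19:25:04 +0000] "POST /app/login HTTP/1.1" 302 0',
]


def find_sensitive_get(line):
    """Return (path, sorted sensitive keys) for a GET line exposing secrets, else None."""
    m = REQUEST_RE.search(line)
    if not m or m.group("method") != "GET":
        return None
    parts = urlsplit(m.group("target"))
    keys = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    hits = sorted(keys & SENSITIVE_KEYS)
    return (parts.path, hits) if hits else None


def redact(line):
    """Return the log line with sensitive query values replaced by REDACTED."""
    def _sub(m):
        parts = urlsplit(m.group("target"))
        pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_KEYS else v)
                 for k, v in parse_qsl(parts.query, keep_blank_values=True)]
        target = parts.path + ("?" + urlencode(pairs) if pairs else "")
        return f'"{m.group("method")} {target} {m.group("proto")}"'
    return REQUEST_RE.sub(_sub, line)


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hit = find_sensitive_get(line)
        if hit:
            print("sensitive GET:", hit[0], hit[1])
        print(redact(line))
```

Any value the audit flags should be treated as exposed and rotated, since it may also have been retained in proxy logs and browser history.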

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information or resources.

Remediation

Users can upgrade to HCL BigFix RunBook AI version 11.1, which addresses this vulnerability. For assistance with the upgrade process, customers can contact the HCL support team.

Added: Nov 5, 2025, 7:25 PM
Updated: Nov 5, 2025, 7:25 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.