Hcltech: >> Dryice Iautomate >> 6.5.1 Security Vulnerabilities
HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-05
HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-07-24
HCL iAutomate includes hardcoded credentials which may result in potential exposure of confidential data if intercepted or accessed by unauthorized parties.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-07-24
HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-07-24