Описание
HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:hcltech:dryice_iautomate:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:hcltech:dryice_iautomate:6.5.2:*:*:*:*:*:*:*
EPSS
Процентиль: 13%
0.00043
Низкий
5.4 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-598
Связанные уязвимости
CVSS3: 5.4
github
3 месяца назад
HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see.
EPSS
Процентиль: 13%
0.00043
Низкий
5.4 Medium
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-598