Bigfix Runbookai
Monthly
HCL BigFix RunBookAI 11.2 contains weak input handling in a text input component that may disclose sensitive information to high-privilege users. The vulnerability stems from continued reliance on less-secure input validation mechanisms, creating operational risk through potential misconfiguration. While the CVSS score is low (2.7) due to requirement for high-privilege access and limited confidentiality impact, the information disclosure channel could expose credentials or operational data to authenticated administrators.
Command injection in HCL BigFix RunBookAI 11.2 allows authenticated remote attackers to execute arbitrary operating system commands. The vulnerability stems from unvalidated input handling in a component that processes commands, enabling command smuggling techniques to bypass input validation. HCL has released a vendor advisory (KB0130444) addressing this issue, which poses significant risk given the product's role in IT automation and runbook orchestration across enterprise environments.
HCL BigFix RunBookAI 11.2 contains weak input handling in a text input component that may disclose sensitive information to high-privilege users. The vulnerability stems from continued reliance on less-secure input validation mechanisms, creating operational risk through potential misconfiguration. While the CVSS score is low (2.7) due to requirement for high-privilege access and limited confidentiality impact, the information disclosure channel could expose credentials or operational data to authenticated administrators.
Command injection in HCL BigFix RunBookAI 11.2 allows authenticated remote attackers to execute arbitrary operating system commands. The vulnerability stems from unvalidated input handling in a component that processes commands, enabling command smuggling techniques to bypass input validation. HCL has released a vendor advisory (KB0130444) addressing this issue, which poses significant risk given the product's role in IT automation and runbook orchestration across enterprise environments.