Skip to main content

Bigfix Runbookai

2 CVEs product

Monthly

CVE-2025-62345 LOW Monitor

HCL BigFix RunBookAI 11.2 contains weak input handling in a text input component that may disclose sensitive information to high-privilege users. The vulnerability stems from continued reliance on less-secure input validation mechanisms, creating operational risk through potential misconfiguration. While the CVSS score is low (2.7) due to requirement for high-privilege access and limited confidentiality impact, the information disclosure channel could expose credentials or operational data to authenticated administrators.

Information Disclosure Bigfix Runbookai
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-31951 HIGH This Week

Command injection in HCL BigFix RunBookAI 11.2 allows authenticated remote attackers to execute arbitrary operating system commands. The vulnerability stems from unvalidated input handling in a component that processes commands, enabling command smuggling techniques to bypass input validation. HCL has released a vendor advisory (KB0130444) addressing this issue, which poses significant risk given the product's role in IT automation and runbook orchestration across enterprise environments.

Command Injection Bigfix Runbookai
NVD
CVSS 3.1
8.8
EPSS
0.0%
EPSS 0% CVSS 2.7
LOW Monitor

HCL BigFix RunBookAI 11.2 contains weak input handling in a text input component that may disclose sensitive information to high-privilege users. The vulnerability stems from continued reliance on less-secure input validation mechanisms, creating operational risk through potential misconfiguration. While the CVSS score is low (2.7) due to requirement for high-privilege access and limited confidentiality impact, the information disclosure channel could expose credentials or operational data to authenticated administrators.

Information Disclosure Bigfix Runbookai
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Command injection in HCL BigFix RunBookAI 11.2 allows authenticated remote attackers to execute arbitrary operating system commands. The vulnerability stems from unvalidated input handling in a component that processes commands, enabling command smuggling techniques to bypass input validation. HCL has released a vendor advisory (KB0130444) addressing this issue, which poses significant risk given the product's role in IT automation and runbook orchestration across enterprise environments.

Command Injection Bigfix Runbookai
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy