CVE-2025-62345— HCL BigFix RunBookAI 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2025-62345の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability
ソース: NVD (National Vulnerability Database)
脆弱性説明
HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability . A component contains a security weakness in its input handling implementation, increasing the risk of misconfiguration and operational errors.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
不充分的凭证保护机制
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
HCL BigFix RunBookAI 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
HCL BigFix RunBookAI是美国HCL公司的一个由人工智能(AI)驱动的自动化平台。 HCL BigFix RunBookAI存在安全漏洞,该漏洞源于持续存在安全性较低的输入文本,组件输入处理实现存在安全弱点,增加配置错误和操作错误的风险。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| HCL | BigFix RunBookAI | 11.2 | - |
II. CVE-2025-62345の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2025-62345のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · HCL · 2026-05-06 · 13 CVEs total
| CVE-2025-31951 | 8.8 HIGH | HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggl |
| CVE-2024-30151 | 8.3 HIGH | HCL BigFix Service Management (SM) is susceptible to Broken Access Control Vulnerability |
| CVE-2025-31970 | 5.3 MEDIUM | HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability |
| CVE-2025-31960 | 5.3 MEDIUM | HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper e |
| CVE-2025-52613 | 4.6 MEDIUM | HCL BigFix Service Management (SM) is affected by use of a vulnerable component |
| CVE-2025-59851 | 3.7 LOW | HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability |
| CVE-2025-59852 | 3.7 LOW | HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability |
| CVE-2025-31983 | 3.7 LOW | HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerabilit |
| CVE-2025-31984 | 3.7 LOW | HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a mis |
| CVE-2025-59853 | 3.1 LOW | HCL DFXAnalytics is affected by an Improper Error Handling vulnerability |
| CVE-2025-59854 | 3.1 LOW | HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability |
| CVE-2025-31975 | 2.6 LOW | HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banne |
IV. 関連脆弱性
同じベンダー: HCL
- CVE-2024-30151
HCL BigFix Service Management (SM) is susceptible to Broken - CVE-2025-31960
HCL BigFix Service Management (SM) is vulnerable to informat - CVE-2025-31975
HCL BigFix Service Management (SM) is affected by an Informa - CVE-2025-52613
HCL BigFix Service Management (SM) is affected by use of a v - CVE-2025-31984
HCL BigFix Service Management (SM) is affected by a security
同じ弱点: CWE-522
- CVE-2026-42295
Argo Workflows: Exposure of artifact repository credentials - CVE-2026-41506
go-git Credential leak via cross-host redirect in smart HTTP - CVE-2026-23927
Agent 2 Oracle plugin TNS connection string injection via th - CVE-2026-42367
GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi privilege - CVE-2026-6446
My Social Feeds <= 1.0.4 - Missing Authorization to Unauthen
V. CVE-2025-62345へのコメント
まだコメントはありません