Description
HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability. A component contains a security weakness in its input handling implementation, increasing the risk of misconfiguration and operational errors.
Published: 2026-05-06
Score: 2.7 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from a weakness in how the Input Text component processes user input, which can lead to misconfiguration and operational errors. The weakness does not directly enable code execution or data exfiltration, but it creates a pathway for administrators or automated processes to improperly configure the system, potentially disrupting normal operations.

Affected Systems

HCL BigFix RunBookAI is affected. The CPE indicates the product, but no specific version information is provided in the available data.

Risk and Exploitability

This flaw receives a CVSS score of 2.7, reflecting low overall impact and limited exploitation potential. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, indicating that it has not been identified as a high‑priority exploited issue. The likely attack vector involves local or privileged users interacting with the Input Text feature, and the description suggests that exploitability requires misconfiguration; no public exploitation scenarios are documented.

Generated by OpenCVE AI on May 6, 2026 at 13:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch or upgrade to an HCL BigFix RunBookAI release that fixes the input handling flaw
  • Disable or restrict the use of the insecure Input Text feature by updating configuration settings
  • Review and harden input validation logic to prevent misconfiguration
  • Monitor configuration logs for unexpected changes or attempts to use the vulnerable feature

Advisories

No advisories yet.

History

Wed, 06 May 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 May 2026 12:15:00 +0000

Type | Values Removed | Values Added
Description | | HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability. A component contains a security weakness in its input handling implementation, increasing the risk of misconfiguration and operational errors.
Title | | HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability
Weaknesses | | CWE-522
References | |
Metrics | | cvssV3_1: {'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-05-06T12:20:09.801Z

Reserved: 2025-10-10T09:04:27.771Z

Link: CVE-2025-62345

Vulnrichment

Updated: 2026-05-06T12:20:06.434Z

NVD

Status: Awaiting Analysis

Published: 2026-05-06T12:16:26.957

Modified: 2026-05-06T19:05:56.337

Link: CVE-2025-62345

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T14:00:06Z