Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
Lifecycle Timeline
3DescriptionCVE.org
HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.
AnalysisAI
HCL AION contains inadequate auditing and logging mechanisms that fail to properly track certain user actions, reducing the traceability of user activities and potentially compromising monitoring, accountability, and incident investigation capabilities. The vulnerability affects AION 2.0 and is classified as an Information Disclosure issue with a CVSS score of 5.8. An attacker with local access and low privileges could exploit this to perform actions without adequate logging, hindering forensic analysis and compliance audit trails.
Technical ContextAI
The vulnerability exists in HCL AION (cpe:2.3:a:hcl:aion:*:*:*:*:*:*:*:*), a platform affected by insufficient audit logging mechanisms. While no specific CWE is assigned in the disclosure, this type of vulnerability typically falls under CWE-778 (Insufficient Logging) or related audit control weaknesses. The root cause involves the application's failure to implement comprehensive logging for sensitive user operations, meaning certain state-changing actions bypass audit trail generation entirely. This is particularly critical in enterprise governance platforms where audit logs serve as the primary mechanism for compliance, forensic investigation, and regulatory adherence.
RemediationAI
Contact HCL support and apply the security patch provided in knowledge base article KB0129410 (https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410) to restore comprehensive audit logging functionality for all user actions. Until patches are deployed, implement compensating controls such as enabling operating system-level audit logging for AION application processes, deploying endpoint detection and response (EDR) tools to monitor AION process behavior, restricting local login access to trusted administrators only, and implementing file integrity monitoring on AION configuration and database files to detect unauthorized modifications. Configure centralized log aggregation with alerting for any modifications to audit log settings or deletion attempts.
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0.
HCL AION contains a container base image authentication vulnerability where container images are not properly verified b
Aion versions up to 2.0 is affected by incorrect permission assignment for critical resource (CVSS 5.5).
HCL AION lacks adequate brute-force protections on authentication mechanisms, allowing repeated login attempts that coul
HCL AION fails to enforce encryption for certain data transmissions or operations, potentially exposing sensitive inform
A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-
HCL AION allows exposure of sensitive information through out-of-band interactions triggered by certain operations, affe
HCL AION exposes sensitive backend infrastructure details through an information disclosure vulnerability affecting auth
A security vulnerability in HCL AION (CVSS 4.7). Remediation should follow standard vulnerability management procedures.
Aion versions up to 2.0 contains a vulnerability that allows attackers to cookies to be sent in cross-site requests, pot
A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially le
Same weakness CWE-778 – Insufficient Logging
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208737