Aion

39 CVEs product

Monthly

CVE-2025-62305 MEDIUM This Month

HCL AION allows exposure of sensitive information through out-of-band interactions triggered by certain operations, affecting confidentiality and integrity under specific conditions. The vulnerability requires adjacent network access, low privilege authentication, and user interaction to exploit, making it suitable for targeted attacks within trusted environments rather than widespread remote exploitation.

Information Disclosure Aion
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-62317 LOW Monitor

HCL AION exposes sensitive information through URL parameters, allowing disclosure via browser history, server logs, and intermediary systems. The vulnerability requires adjacent network access, high interaction complexity, and authenticated user involvement, resulting in limited confidentiality impact with a CVSS score of 2.6. No active exploitation has been confirmed.

Information Disclosure Aion
NVD
CVSS 3.1
2.6
EPSS
0.0%
CVE-2025-62308 MEDIUM This Month

HCL AION exposes sensitive backend infrastructure details through an information disclosure vulnerability affecting authenticated users with local network access and specific user interaction. The exposure reveals internal system architecture and configuration information that could enable reconnaissance for targeted attacks, with limited confidentiality, integrity, and availability impact (CVSS 5.1, CWE-201). No public exploit code or confirmed active exploitation has been identified at time of analysis.

Information Disclosure Aion
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-62309 LOW Monitor

HCL AION stores sensitive information in browser auto-complete caches for certain input fields, potentially exposing credentials or other sensitive data to local attackers or through browser history under specific conditions. The vulnerability requires adjacent network access, high interaction complexity, and local user privilege, limiting real-world exploitation scope but posing risk in shared or compromised workstations.

Information Disclosure Aion
NVD
CVSS 3.1
2.6
EPSS
0.0%
CVE-2025-62312 LOW Monitor

HCL AION uses basic authorization tokens for authentication, exposing credentials to interception or misuse if not transmitted over encrypted channels. The vulnerability affects authenticated local or adjacent network attackers with low privileges and user interaction, resulting in limited confidentiality impact. CVSS 3.0 reflects low severity, though the underlying authentication weakness may enable credential theft in environments with unencrypted internal traffic.

Information Disclosure Aion
NVD
CVSS 3.1
3.0
EPSS
0.0%
CVE-2025-62316 LOW Monitor

HCL AION fails to configure security-related HTTP response headers, potentially reducing browser-based protections against cross-site scripting and other client-side attacks. The vulnerability requires adjacent network access, high interaction complexity, low privilege authentication, and user interaction to achieve limited confidentiality impact. CVSS score of 2.3 reflects minimal real-world risk under current attack conditions.

XSS Aion
NVD
CVSS 3.1
2.3
EPSS
0.0%
CVE-2025-62313 MEDIUM This Month

HCL AION lacks adequate brute-force protections on authentication mechanisms, allowing repeated login attempts that could lead to account compromise or unauthorized access. The vulnerability requires adjacent network access and affects all versions of the product. No public exploit code has been identified, but the weak authentication controls represent a significant credential-stuffing and password-guessing risk in multi-tenant or shared-network environments.

Authentication Bypass Aion
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-62311 MEDIUM This Month

HCL AION transmits backend service details over unencrypted HTTP channels under certain conditions, allowing authenticated local or adjacent-network attackers with limited privileges to intercept and read sensitive configuration data through man-in-the-middle attacks. The vulnerability requires user interaction and non-default network positioning, resulting in a CVSS score of 4.3 (low severity) with confirmed vendor awareness and advisory availability.

Authentication Bypass Aion
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-62310 MEDIUM This Month

HCL AION fails to enforce encryption for certain data transmissions or operations, potentially exposing sensitive information to interception or unauthorized access. The vulnerability requires adjacent network access, high attack complexity, and user interaction, limiting real-world exploitation scope. No active exploitation has been confirmed at time of analysis.

Authentication Bypass Aion
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-52641 LOW Monitor

HCL AION allows local attackers with high privileges to explore internal filesystem structures through certain system behaviors, potentially disclosing information about the underlying environment that could facilitate further targeted attacks. The vulnerability requires local access, high privileges, and user interaction to trigger, with a CVSS score of 2.9 reflecting low immediate risk. No public exploit code or active exploitation has been identified.

Information Disclosure Aion
NVD
CVSS 3.1
2.9
EPSS
0.0%
CVE-2025-52646 LOW Monitor

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries.

Information Disclosure SQLi Aion
NVD VulDB
CVSS 3.1
2.2
EPSS
0.0%
CVE-2025-52645 LOW Monitor

A security vulnerability in HCL AION (CVSS 1.9). Remediation should follow standard vulnerability management procedures.

Information Disclosure Aion
NVD VulDB
CVSS 3.1
1.9
EPSS
0.0%
CVE-2025-52642 LOW Monitor

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour.

Information Disclosure Aion
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-52649 LOW Monitor

HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature.

Information Disclosure Aion
NVD VulDB
CVSS 3.1
1.8
EPSS
0.0%
CVE-2025-52644 MEDIUM This Month

HCL AION contains inadequate auditing and logging mechanisms that fail to properly track certain user actions, reducing the traceability of user activities and potentially compromising monitoring, accountability, and incident investigation capabilities. The vulnerability affects AION 2.0 and is classified as an Information Disclosure issue with a CVSS score of 5.8. An attacker with local access and low privileges could exploit this to perform actions without adequate logging, hindering forensic analysis and compliance audit trails.

Information Disclosure Aion
NVD VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-52643 MEDIUM This Month

A security vulnerability in HCL AION (CVSS 4.7). Remediation should follow standard vulnerability management procedures.

Information Disclosure Aion
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-52636 LOW Monitor

A remote code execution vulnerability in HCL AION (CVSS 1.8). Remediation should follow standard vulnerability management procedures.

Denial Of Service Aion
NVD VulDB
CVSS 3.1
1.8
EPSS
0.0%
CVE-2025-52638 MEDIUM This Month

HCL AION contains a container base image authentication vulnerability where container images are not properly verified before deployment, potentially allowing attackers to execute untrusted or malicious container images within the AION environment. This affects AION 2.0 and could enable attackers with local access and high privileges to compromise system integrity and availability. No public evidence of active exploitation or POC availability has been identified in the provided intelligence sources.

Information Disclosure Aion
NVD VulDB
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-52637 MEDIUM This Month

HCL AION contains a SQL injection or improper query validation vulnerability that allows authenticated local users with low privileges to execute potentially harmful SQL queries against the database. The vulnerability affects certain offering configurations and could lead to limited information disclosure, data modification, or denial of service under specific conditions. With a CVSS score of 4.5 and local attack vector requirement, this represents a moderate-risk vulnerability primarily exploitable by insider threats or compromised local accounts.

Information Disclosure SQLi Aion
NVD VulDB
CVSS 3.1
4.5
EPSS
0.0%
CVE-2025-52633 LOW Monitor

HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. Storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. [CVSS 3.1 LOW]

Authentication Bypass Aion
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-52631 LOW Monitor

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks. [CVSS 3.7 LOW]

Information Disclosure Aion
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-52628 MEDIUM This Month

Aion versions up to 2.0 contain a vulnerability that allows cookies to be sent in cross-site requests, potentially increasing exposure to cr (CVSS 4.6).

CSRF Aion
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-52623 LOW Monitor

HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. Allowing autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. [CVSS 3.7 LOW]

Authentication Bypass Aion
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-52629 LOW Monitor

HCL AION is susceptible to a Missing Content-Security-Policy vulnerability. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects AION: 2.0. [CVSS 3.7 LOW]

XSS Aion
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-52627 MEDIUM This Month

Aion versions up to 2.0 are affected by incorrect permission assignment for a critical resource (CVSS 5.5).

Authentication Bypass Aion
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-52626 MEDIUM This Month

A Potential Command Injection vulnerability in HCL AION. This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system. This issue affects AION: 2.0. [CVSS 4.5 MEDIUM]

Command Injection Aion
NVD
CVSS 3.1
4.5
EPSS
0.1%
CVE-2025-55250 LOW Monitor

HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks. [CVSS 1.8 LOW]

Information Disclosure Aion
NVD
CVSS 3.1
1.8
EPSS
0.0%
CVE-2025-55251 LOW Monitor

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. [CVSS 3.1 LOW]

RCE File Upload Aion
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-55249 LOW Monitor

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks. [CVSS 3.5 LOW]

Information Disclosure Aion
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-52661 LOW Monitor

HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised. [CVSS 2.4 LOW]

Authentication Bypass Aion
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-52660 LOW Monitor

Aion versions up to 2.0 contain a vulnerability that allows malicious file uploads, potentially resulting in unauthorized code execution or (CVSS 2.7).

RCE File Upload Aion
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2025-52659 LOW Monitor

Aion versions up to 2.0 contain a vulnerability that allows unintended storage of sensitive or dynamic content, potentially resulting in una (CVSS 2.8).

Authentication Bypass Information Disclosure Aion
NVD
CVSS 3.1
2.8
EPSS
0.0%
CVE-2025-52635 LOW Monitor

A Trusted Types in scripts not enforced in CSP vulnerability has been identified in HCL AION. This issue affects AION: 2.0.

Information Disclosure Aion
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-52625 LOW Monitor

HCL AION 2.0 improperly caches sensitive SSL/HTTPS page content, allowing attackers or local users with device or browser access to retrieve cached credentials, system identifiers, and internal file paths. The vulnerability has a CVSS score of 3.7 (low severity) due to high attack complexity and local/physical access requirements, with no public exploit or active exploitation confirmed.

Information Disclosure Aion
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-52624 MEDIUM This Month

A Bypass of the script allowlist configuration vulnerability in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks. This issue affects AION: 2.0.

XSS Aion
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-52650 HIGH This Week

An Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0.

Information Disclosure Aion
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-52634 LOW Monitor

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue affects HCL AION: 2.0.

Information Disclosure Aion
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-52632 MEDIUM This Month

A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION. This issue affects AION: 2.0.

Information Disclosure Aion
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52630 LOW Monitor

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue affects AION: 2.0.

Information Disclosure Aion
NVD
CVSS 3.1
3.7
EPSS
0.0%