VYPR

AION

by HCL Software

CVEs (21)

  • CVE-2025-52650HigOct 10, 2025
    risk 0.53cvss 8.2epss 0.00

    Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0

  • CVE-2025-52632MedOct 10, 2025
    risk 0.42cvss 6.5epss 0.00

    A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0.

  • CVE-2025-52627MedFeb 3, 2026
    risk 0.36cvss 5.5epss 0.00

    Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0.

  • CVE-2025-52624MedOct 10, 2025
    risk 0.35cvss 5.4epss 0.00

    A vulnerability  Bypass of the script allowlist configuration in HCL AION.  An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects…

  • CVE-2025-52628MedFeb 3, 2026
    risk 0.30cvss 4.6epss 0.00

    HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0.

  • CVE-2025-52626MedFeb 3, 2026
    risk 0.29cvss 4.5epss 0.01

    A Potential Command Injection vulnerability in HCL AION.  An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0

  • CVE-2025-52631LowFeb 3, 2026
    risk 0.24cvss 3.7epss 0.00

    HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0.

  • CVE-2025-52623LowFeb 3, 2026
    risk 0.24cvss 3.7epss 0.00

    HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access.…

  • CVE-2025-52629LowFeb 3, 2026
    risk 0.24cvss 3.7epss 0.00

    HCL AION is susceptible to Missing Content-Security-Policy.  An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0.

  • CVE-2025-52635LowOct 10, 2025
    risk 0.24cvss 3.7epss 0.00

    A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0.

  • CVE-2025-52625LowOct 10, 2025
    risk 0.24cvss 3.7epss 0.00

    A vulnerability  Cacheable SSL Page Found vulnerability has been identified in HCL AION.  Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0.

  • CVE-2025-52634LowOct 10, 2025
    risk 0.24cvss 3.7epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.

  • CVE-2025-52630LowOct 10, 2025
    risk 0.24cvss 3.7epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.

  • CVE-2025-55249LowJan 19, 2026
    risk 0.23cvss 3.5epss 0.00

    HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks.

  • CVE-2025-52633LowFeb 3, 2026
    risk 0.20cvss 3.1epss 0.00

    HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0.

  • CVE-2025-55252LowJan 19, 2026
    risk 0.20cvss 3.1epss 0.00

    HCL AION  version 2 is affected by a Weak Password Policy vulnerability. This can  allow the use of easily guessable passwords, potentially resulting in unauthorized access

  • CVE-2025-55251LowJan 19, 2026
    risk 0.20cvss 3.1epss 0.00

    HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.

  • CVE-2025-52660LowJan 19, 2026
    risk 0.18cvss 2.7epss 0.00

    HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.

  • CVE-2025-52659LowJan 19, 2026
    risk 0.18cvss 2.8epss 0.00

    HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.

  • CVE-2025-52661LowJan 19, 2026
    risk 0.16cvss 2.4epss 0.00

    HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised.

Page 1 of 2