Aion
by HCLTech
CVEs (41)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-52650 | Hig | 0.53 | 8.2 | 0.00 | Oct 10, 2025 | Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0 | ||
| CVE-2025-52632 | Med | 0.42 | 6.5 | 0.00 | Oct 10, 2025 | A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0. | ||
| CVE-2025-52644 | Med | 0.38 | 5.8 | 0.00 | Mar 16, 2026 | HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation… | ||
| CVE-2025-52627 | Med | 0.36 | 5.5 | 0.00 | Feb 3, 2026 | Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0. | ||
| CVE-2025-62313 | Med | 0.35 | 5.4 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions. | ||
| CVE-2025-62310 | Med | 0.35 | 5.4 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions. | ||
| CVE-2025-52624 | Med | 0.35 | 5.4 | 0.00 | Oct 10, 2025 | A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects… | ||
| CVE-2025-62308 | Med | 0.33 | 5.1 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under… | ||
| CVE-2025-62305 | Med | 0.33 | 5.1 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions. | ||
| CVE-2025-52643 | Med | 0.31 | 4.7 | 0.00 | Mar 16, 2026 | HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing… | ||
| CVE-2025-52628 | Med | 0.30 | 4.6 | 0.00 | Feb 3, 2026 | HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0. | ||
| CVE-2025-52626 | Med | 0.29 | 4.5 | 0.01 | Feb 3, 2026 | A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0 | ||
| CVE-2025-62311 | Med | 0.28 | 4.3 | 0.00 | May 14, 2026 | HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions | ||
| CVE-2025-52631 | Low | 0.24 | 3.7 | 0.00 | Feb 3, 2026 | HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0. | ||
| CVE-2025-52623 | Low | 0.24 | 3.7 | 0.00 | Feb 3, 2026 | HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access.… | ||
| CVE-2025-52629 | Low | 0.24 | 3.7 | 0.00 | Feb 3, 2026 | HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0. | ||
| CVE-2025-52635 | Low | 0.24 | 3.7 | 0.00 | Oct 10, 2025 | A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0. | ||
| CVE-2025-52625 | Low | 0.24 | 3.7 | 0.00 | Oct 10, 2025 | A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0. | ||
| CVE-2025-52634 | Low | 0.24 | 3.7 | 0.00 | Oct 10, 2025 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0. | ||
| CVE-2025-52630 | Low | 0.24 | 3.7 | 0.00 | Oct 10, 2025 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0. |
- risk 0.53cvss 8.2epss 0.00
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
- risk 0.42cvss 6.5epss 0.00
A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0.
- risk 0.38cvss 5.8epss 0.00
HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation…
- risk 0.36cvss 5.5epss 0.00
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0.
- risk 0.35cvss 5.4epss 0.00
HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions.
- risk 0.35cvss 5.4epss 0.00
HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions.
- risk 0.35cvss 5.4epss 0.00
A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects…
- risk 0.33cvss 5.1epss 0.00
HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under…
- risk 0.33cvss 5.1epss 0.00
HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions.
- risk 0.31cvss 4.7epss 0.00
HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing…
- risk 0.30cvss 4.6epss 0.00
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0.
- risk 0.29cvss 4.5epss 0.01
A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0
- risk 0.28cvss 4.3epss 0.00
HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions
- risk 0.24cvss 3.7epss 0.00
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0.
- risk 0.24cvss 3.7epss 0.00
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access.…
- risk 0.24cvss 3.7epss 0.00
HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0.
- risk 0.24cvss 3.7epss 0.00
A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0.
- risk 0.24cvss 3.7epss 0.00
A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0.
- risk 0.24cvss 3.7epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.
- risk 0.24cvss 3.7epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.
Page 1 of 3