31 matches found
CVE-2025-52631
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security HSTS Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0...
CVE-2025-52628
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0...
CVE-2025-52633
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...
CVE-2025-52627
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...
CVE-2025-52627
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...
CVE-2025-52629
HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0...
EUVD-2025-206680
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security HSTS Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0...
CVE-2025-52623
CVE-2025-52623 affects HCL AION v2.0 where the password field does not have autocomplete disabled, enabling potential storage or disclosure of credentials. Connected sources (CNVD-2026-16403, RH/Red Hat, NVD, and PT-2026-5901) corroborate an information disclosure risk from password-field autocom...
CVE-2025-52623
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects...
CVE-2025-52628 HCL AION is susceptible to Missing SameSite vulnerability
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0...
CVE-2025-52633
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...
CVE-2025-52633
HCL AION 2.0 is affected by a vulnerability where sensitive session data is stored in persistent cookies, leading to potential information disclosure. Root cause cited by CNVD/Red Hat sources is lack of content security policy. Practical impact is information exposure if cookies are intercepted o...
CVE-2025-52629
CVE-2025-52629 affects HCL AION 2.0 and is caused by a missing Content-Security-Policy (CSP) header, increasing risk of cross-site scripting and content-injection attacks. Multiple sources (NVD, RH, CNVD, ENISA EUVD) corroborate the missing CSP as the issue. Remediation is to implement a CSP head...
CVE-2025-52629 HCL AION is susceptible to Missing Content-Security-Policy
HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0...
CVE-2025-52626
Affected product : HCL AION (AI lifecycle management platform). Vulnerability : Command injection vulnerability that can be exploited to execute arbitrary commands on the underlying system. Root cause / context : Descriptions indicate a command injection issue in HCL AION; specific technical root...
CVE-2025-52627
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...
CVE-2025-52627 HCL AION is susceptible to Incorrect Permission Assignment for Critical Resource
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...
PT-2026-5907
Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description HCL AION is susceptible to a security issue involving the storage of sensitive session data in persistent cookies. This practice can elevate the risk of unauthorized access if these cookies are intercepted or...
CVE-2025-52659
HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure...
CVE-2025-52635
A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0...