5 matches found
CVE-2025-52633
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...
CVE-2025-52633
HCL AION 2.0 is affected by a vulnerability where sensitive session data is stored in persistent cookies, leading to potential information disclosure. Root cause cited by CNVD/Red Hat sources is lack of content security policy. Practical impact is information exposure if cookies are intercepted o...
CVE-2025-52629 HCL AION is susceptible to Missing Content-Security-Policy
HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0...
PT-2026-5907
Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description HCL AION is susceptible to a security issue involving the storage of sensitive session data in persistent cookies. This practice can elevate the risk of unauthorized access if these cookies are intercepted or...
CVE-2025-52632
CVE-2025-52632 affects HCL AION 2.0 and is described as a Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability. The available connected sources confirm the affected product (HCL AION) and the issue arises in encrypted session cookies lacking the Secure attribute, which can exp...