18 matches found
CVE-2025-52631
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security HSTS Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0...
CVE-2025-52627
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...
CVE-2025-52627
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...
CVE-2025-52629
HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0...
EUVD-2025-206680
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security HSTS Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0...
CVE-2025-52623
CVE-2025-52623 affects HCL AION v2.0 where the password field does not have autocomplete disabled, enabling potential storage or disclosure of credentials. Connected sources (CNVD-2026-16403, RH/Red Hat, NVD, and PT-2026-5901) corroborate an information disclosure risk from password-field autocom...
CVE-2025-52623
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects...
CVE-2025-52633
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0...
CVE-2025-52626
Affected product : HCL AION (AI lifecycle management platform). Vulnerability : Command injection vulnerability that can be exploited to execute arbitrary commands on the underlying system. Root cause / context : Descriptions indicate a command injection issue in HCL AION; specific technical root...
CVE-2025-52627
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...
CVE-2025-52627 HCL AION is susceptible to Incorrect Permission Assignment for Critical Resource
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0...
CVE-2025-52635
A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0...
CVE-2025-52625 HCL AION is susceptible to Cacheable SSL Page Found vulnerability
A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0...
CVE-2025-52624 HCL AION is susceptible to Bypass of the script allow list configuration vulnerability
A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects AION: 2.0...
CVE-2025-52635 HCL AION is susceptible to Trusted types in scripts not enforced in CSP
A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0...
CVE-2025-52632
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION.This issue affects AION: 2.0...
CVE-2025-52632 HCL AION is susceptible to Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION.This issue affects AION: 2.0...
PT-2025-41540
Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description An issue exists in HCL AION version 2.0 related to Content Security Policy CSP enforcement. Improper CSP configuration allows for the execution of inline scripts, which should be blocked. This enables an attack...