Hcl Aion
32 CVEs affecting Hcl Aion. Latest disclosed: 2026-05-14. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-52632 | Medium | 6.5 | 2025-10-10 | A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0. |
CVE-2025-52644 | Medium | 5.8 | 2026-03-16 | HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce t… |
CVE-2025-52638 | Medium | 5.6 | 2026-03-16 | HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may… |
CVE-2025-52627 | Medium | 5.5 | 2026-02-03 | Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing… |
CVE-2025-62313 | Medium | 5.4 | 2026-05-14 | HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attemp… |
CVE-2025-62310 | Medium | 5.4 | 2026-05-14 | HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to… |
CVE-2025-52624 | Medium | 5.4 | 2025-10-10 | A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized sc… |
CVE-2025-62308 | Medium | 5.1 | 2026-05-14 | HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal syste… |
CVE-2025-62305 | Medium | 5.1 | 2026-05-14 | HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensit… |
CVE-2025-52648 | Medium | 4.8 | 2026-03-16 | HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered image… |
CVE-2025-52643 | Medium | 4.7 | 2026-03-16 | HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expos… |
CVE-2025-52628 | Medium | 4.6 | 2026-02-03 | HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potenti… |
CVE-2025-52637 | Medium | 4.5 | 2026-03-16 | HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or r… |
CVE-2025-52626 | Medium | 4.5 | 2026-02-03 | A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially leading to unauthorized actions on the… |
CVE-2025-62311 | Medium | 4.3 | 2026-05-14 | HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to… |
CVE-2025-52631 | Low | 3.7 | 2026-02-03 | HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially expo… |
CVE-2025-52623 | Low | 3.7 | 2026-02-03 | HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead… |
CVE-2025-52629 | Low | 3.7 | 2026-02-03 | HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content in… |
CVE-2025-52625 | Low | 3.7 | 2025-10-10 | A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or intern… |
CVE-2025-52635 | Low | 3.7 | 2025-10-10 | A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0. |