Product
hcltech aion
32 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-52641
>= 2.0.0 and < 2.1.2
HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. E
2.9
LOW
CVE-2025-52649
>= 2.0.0 and < 2.1.2
HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow
1.8
LOW
CVE-2025-52646
>= 2.0.0 and < 2.1.2
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL quer
2.2
LOW
CVE-2025-52645
>= 2.0.0 and < 2.1.2
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity
1.9
LOW
CVE-2025-52644
>= 2.0.0 and < 2.1.2
HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper aud
5.8
MEDIUM
CVE-2025-52643
>= 2.0.0 and < 2.1.2
HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbo
4.7
MEDIUM
CVE-2025-52642
>= 2.0.0 and < 2.1.2
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system beh
3.3
LOW
CVE-2025-52636
>= 2.0.0 and < 2.1.2
HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload si
1.8
LOW
CVE-2025-52648
>= 2.0 and < 2.1.2
HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of
4.8
MEDIUM
CVE-2025-52638
>= 2.0 and < 2.1.2
HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running contai
5.6
MEDIUM
CVE-2025-52637
>= 2.0 and < 2.1.2
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL quer
4.5
MEDIUM
CVE-2025-52633
all versions
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session
3.1
LOW
CVE-2025-52631
all versions
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure
3.7
LOW
CVE-2025-52628
all versions
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in
4.6
MEDIUM
CVE-2025-52623
all versions
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete
3.7
LOW
CVE-2025-52629
all versions
HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site
3.7
LOW
CVE-2025-52627
all versions
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system
5.5
MEDIUM
CVE-2025-52626
all versions
A Potential Command Injection vulnerability in HCL AION. This can allow unintended command execution, potentially leading t
4.5
MEDIUM
CVE-2025-55252
all versions
HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords,
3.1
LOW
CVE-2025-55250
all versions
HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potenti
1.8
LOW
CVE-2025-55251
all versions
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in
3.1
LOW
CVE-2025-55249
all versions
HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the
3.5
LOW
CVE-2025-52661
all versions
HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potential
2.4
LOW
CVE-2025-52660
all versions
HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in
2.7
LOW
CVE-2025-52659
all versions
HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dyn
2.8
LOW
CVE-2025-52635
all versions
A Trusted Types in scripts not enforced in CSP vulnerability has been identified in HCL AION. This issue affects AION: 2.0.
3.7
LOW
CVE-2025-52625
all versions
A Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials
3.7
LOW
CVE-2025-52624
all versions
A Bypass of the script allowlist configuration vulnerability in HCL AION. An incorrectly configured Content-Security-Policy
5.4
MEDIUM
CVE-2025-52650
all versions
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
8.2
HIGH
CVE-2025-52634
all versions
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue affects HCL AION: 2.0.
3.7
LOW
CVE-2025-52632
all versions
A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION. This issue affects AION: 2.0.
6.5
MEDIUM
CVE-2025-52630
all versions
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue affects AION: 2.0.
3.7
LOW
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin