2.6
CVE-2025-62317
- EPSS 0.12%
- Veröffentlicht 14.05.2026 16:13:34
- Zuletzt bearbeitet 14.05.2026 17:22:46
- Quelle psirt@hcl.com
- CVE-Watchlists
- Unerledigt
HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters.
HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerHCL
≫
Produkt
AION
Default Statusunaffected
Version
2.1.0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.019 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@hcl.com | 2.6 | 0.9 | 1.4 |
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
|
CWE-598 Use of GET Request Method With Sensitive Query Strings
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0130636