Hcltech

Aion

29 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-52628

  • EPSS 0.05%
  • Veröffentlicht 03.02.2026 18:06:41
  • Zuletzt bearbeitet 25.04.2026 17:59:55

HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This iss...

5.3

CVE-2025-52633

  • EPSS 0.04%
  • Veröffentlicht 03.02.2026 18:00:05
  • Zuletzt bearbeitet 27.04.2026 18:34:56

HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. ...

6.1

CVE-2025-52629

  • EPSS 0.04%
  • Veröffentlicht 03.02.2026 17:54:44
  • Zuletzt bearbeitet 27.04.2026 18:34:28

HCL AION is susceptible to Missing Content-Security-Policy.  An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION...

9.8

CVE-2025-52626

  • EPSS 0.06%
  • Veröffentlicht 03.02.2026 17:48:06
  • Zuletzt bearbeitet 25.04.2026 17:58:56

A Potential Command Injection vulnerability in HCL AION.  An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0

7.5

CVE-2025-52627

  • EPSS 0.04%
  • Veröffentlicht 03.02.2026 17:44:27
  • Zuletzt bearbeitet 25.04.2026 17:59:04

Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0.

9.8

CVE-2025-55252

  • EPSS 0.04%
  • Veröffentlicht 19.01.2026 18:13:17
  • Zuletzt bearbeitet 25.04.2026 18:05:01

HCL AION  version 2 is affected by a Weak Password Policy vulnerability. This can  allow the use of easily guessable passwords, potentially resulting in unauthorized access

5.3

CVE-2025-55250

  • EPSS 0.03%
  • Veröffentlicht 19.01.2026 18:09:03
  • Zuletzt bearbeitet 25.04.2026 18:04:45

HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks.

5.3

CVE-2025-52661

  • EPSS 0.04%
  • Veröffentlicht 19.01.2026 18:04:31
  • Zuletzt bearbeitet 25.04.2026 18:04:38

HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised.

5.3

CVE-2025-55249

  • EPSS 0.08%
  • Veröffentlicht 19.01.2026 18:01:04
  • Zuletzt bearbeitet 25.04.2026 18:05:11

HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks.

7.5

CVE-2025-52659

  • EPSS 0.04%
  • Veröffentlicht 19.01.2026 17:54:19
  • Zuletzt bearbeitet 25.04.2026 18:04:34

HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.