
cpe:2.3:a:hcl:aion:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Hcl (1d3f8112-3eea-57b2-9fe3-0239de9402c9)
Product: Aion (568a4e78-de51-541a-9b64-0d74959314c3)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2025-62317 vulnerable 2026-06-03 15:07:58.607118 HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters.
LOW (2.6)
HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions.
Published: 2026-05-14T16:13:34.907Z
Updated: 2026-05-14T18:31:43.789Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-62316 vulnerable 2026-06-03 15:07:58.606897 HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured
LOW (2.3)
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions.
Published: 2026-05-14T16:08:59.417Z
Updated: 2026-05-14T18:30:17.799Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-62313 vulnerable 2026-06-03 15:07:58.606631 HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced.
MEDIUM (5.4)
HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions.
Published: 2026-05-14T16:07:54.261Z
Updated: 2026-05-14T18:29:09.123Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-62312 vulnerable 2026-06-03 15:07:58.603526 HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication
LOW (3)
HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse, especially if not combined with secure transmission practices.
Published: 2026-05-14T16:09:35.944Z
Updated: 2026-05-14T18:30:35.894Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-62311 vulnerable 2026-06-03 15:07:58.603302 HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels.
MEDIUM (4.3)
HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions.
Published: 2026-05-14T16:06:57.015Z
Updated: 2026-05-14T18:28:34.294Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-62310 vulnerable 2026-06-03 15:07:58.602968 HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations
MEDIUM (5.4)
HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions.
Published: 2026-05-14T16:05:42.908Z
Updated: 2026-05-14T18:26:13.335Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-62309 vulnerable 2026-06-03 15:07:58.602645 HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields.
LOW (2.6)
HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to unintended exposure under specific conditions.
Published: 2026-05-14T16:10:49.720Z
Updated: 2026-05-14T18:30:54.675Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-62308 vulnerable 2026-06-03 15:07:58.602263 HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed
MEDIUM (5.1)
HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions.
Published: 2026-05-14T16:12:39.710Z
Updated: 2026-05-14T18:31:14.791Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-62305 vulnerable 2026-06-03 15:07:58.601938 HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions
MEDIUM (5.1)
HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allow exposure of data to external systems under specific conditions.
Published: 2026-05-14T16:17:33.031Z
Updated: 2026-05-14T18:32:11.208Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52649 vulnerable 2026-06-03 15:03:52.191696 HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature
LOW (1.8)
HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions.
Published: 2026-03-16T14:36:32.396Z
Updated: 2026-03-17T14:03:14.368Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52648 vulnerable 2026-06-03 15:03:52.191408 Details available
MEDIUM (4.8)
HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system.
Published: 2026-03-16T12:53:25.744Z
Updated: 2026-03-16T14:44:03.534Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52646 vulnerable 2026-06-03 15:03:52.186090 HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries.
LOW (2.2)
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.
Published: 2026-03-16T14:42:16.317Z
Updated: 2026-03-16T20:13:31.637Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52645 vulnerable 2026-06-03 15:03:52.185807 HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification.
LOW (1.9)
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour.
Published: 2026-03-16T14:39:12.088Z
Updated: 2026-03-16T20:14:12.826Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52644 vulnerable 2026-06-03 15:03:52.185532 HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged.
MEDIUM (5.8)
HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.
Published: 2026-03-16T14:29:03.864Z
Updated: 2026-03-16T18:27:08.587Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52643 vulnerable 2026-06-03 15:03:52.185257 HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment
MEDIUM (4.7)
HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files.
Published: 2026-03-16T14:26:57.457Z
Updated: 2026-03-16T18:42:46.429Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52642 vulnerable 2026-06-03 15:03:52.184965 HCL AION is affected by an internal filesystem paths disclosure vulnerability
LOW (3.3)
HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure.
Published: 2026-03-16T14:45:23.821Z
Updated: 2026-03-16T20:07:54.201Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52641 vulnerable 2026-06-03 15:03:52.184644 Internal Filesystem Exploration vulnerability
LOW (2.9)
HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information disclosure.
Published: 2026-04-15T08:47:33.167Z
Updated: 2026-04-15T13:18:47.899Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52638 vulnerable 2026-06-03 15:03:52.182118 Multiple security vulnerabilities affect HCL AION
MEDIUM (5.6)
HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as it grants elevated permissions within the container environment. Aligning container configurations with security best practices requires minimizing privileges and avoiding root-level execution wherever possible.
Published: 2026-03-16T12:35:06.222Z
Updated: 2026-03-17T10:57:54.993Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52637 vulnerable 2026-06-03 15:03:52.181824 Multiple security vulnerabilities affect HCL AION
MEDIUM (4.5)
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.
Published: 2026-03-16T12:27:48.222Z
Updated: 2026-03-16T14:54:07.756Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52636 vulnerable 2026-06-03 15:03:52.178646 HCL AION is affected by improper handling of uploaded file size
LOW (1.8)
HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which could potentially lead to service degradation or denial-of-service conditions under certain scenarios.
Published: 2026-03-16T14:21:08.132Z
Updated: 2026-03-16T18:43:45.176Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52635 vulnerable 2026-06-03 15:03:52.178324 HCL AION is susceptible to Trusted types in scripts not enforced in CSP
LOW (3.7)
A Trusted Types in scripts not enforced in CSP vulnerability has been identified in HCL AION. This issue affects AION: 2.0.
Published: 2025-10-10T10:21:30.433Z
Updated: 2025-10-10T16:27:41.610Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52633 vulnerable 2026-06-03 15:03:52.172216 HCL AION is susceptible to Missing Content-Security-Policy
LOW (3.1)
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. Storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0.
Published: 2026-02-03T18:00:05.175Z
Updated: 2026-02-03T18:55:38.148Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52632 vulnerable 2026-06-03 15:03:52.171818 HCL AION is susceptible to Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability
MEDIUM (6.5)
A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION. This issue affects AION: 2.0.
Published: 2025-10-10T10:06:04.509Z
Updated: 2025-10-10T16:34:12.221Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52631 vulnerable 2026-06-03 15:03:52.171563 HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability.
LOW (3.7)
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks. This issue affects AION: 2.0.
Published: 2026-02-03T18:16:08.001Z
Updated: 2026-02-03T19:12:24.938Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52630 vulnerable 2026-06-03 15:03:52.171271 HCL AION is susceptible to Missing or insecure "X-Content-Type-Options" header vulnerability
LOW (3.7)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue affects AION: 2.0.
Published: 2025-10-10T09:55:59.009Z
Updated: 2025-10-22T20:37:27.200Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52629 vulnerable 2026-06-03 15:03:52.171002 HCL AION is susceptible to Missing Content-Security-Policy
LOW (3.7)
HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects AION: 2.0.
Published: 2026-02-03T17:54:44.662Z
Updated: 2026-02-03T18:58:35.883Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52628 vulnerable 2026-06-03 15:03:52.170735 HCL AION is susceptible to Missing SameSite vulnerability
MEDIUM (4.6)
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0.
Published: 2026-02-03T18:06:41.773Z
Updated: 2026-02-03T18:53:08.182Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52627 vulnerable 2026-06-03 15:03:52.170463 HCL AION is susceptible to Incorrect Permission Assignment for Critical Resource
MEDIUM (5.5)
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes. This issue affects AION: 2.0.
Published: 2026-02-03T17:44:27.526Z
Updated: 2026-02-03T19:02:59.358Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52626 vulnerable 2026-06-03 15:03:52.170187 HCL AION is susceptible to Potential Command Injection vulnerability
MEDIUM (4.5)
A Potential Command Injection vulnerability in HCL AION. This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system. This issue affects AION: 2.0.
Published: 2026-02-03T17:48:06.548Z
Updated: 2026-02-03T19:37:26.258Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52625 vulnerable 2026-06-03 15:03:52.169888 HCL AION is susceptible to Cacheable SSL Page Found vulnerability
LOW (3.7)
A Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser. This issue affects AION: 2.0.
Published: 2025-10-10T10:28:53.219Z
Updated: 2025-10-10T15:51:43.666Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52624 vulnerable 2026-06-03 15:03:52.169444 HCL AION is susceptible to Bypass of the script allow list configuration vulnerability
MEDIUM (5.4)
A Bypass of the script allowlist configuration vulnerability in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks. This issue affects AION: 2.0.
Published: 2025-10-10T10:25:32.591Z
Updated: 2026-02-03T17:45:58.542Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-52623 vulnerable 2026-06-03 15:03:52.168309 HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability
LOW (3.7)
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. Allowing autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects AION: 2.0.
Published: 2026-02-03T18:12:50.442Z
Updated: 2026-02-03T19:18:15.939Z
Reference links
Imported from gcve-enriched-dumps CVE data
