cbcvebase.

Hcl Software Aion vulnerabilities

7 known vulnerabilities affecting hcl_software/aion.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2025-52660P2CRITICALCVSS 9.8v22026-01-19
CVE-2025-52660 [CRITICAL] CWE-644 CVE-2025-52660: HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file upl HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
nvd
CVE-2025-55251P2CRITICALCVSS 9.8v22026-01-19
CVE-2025-55251 [CRITICAL] CWE-434 CVE-2025-55251: HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file upl HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.
nvd
CVE-2025-55252P3CRITICALCVSS 9.8v22026-01-19
CVE-2025-55252 [CRITICAL] CWE-521 CVE-2025-55252: HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access
nvd
CVE-2025-52659P3HIGHCVSS 7.5v22026-01-19
CVE-2025-52659 [HIGH] CWE-525 CVE-2025-52659: HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintend HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.
nvd
CVE-2025-52661P4MEDIUMCVSS 5.3v22026-01-19
CVE-2025-52661 [MEDIUM] CWE-613 CVE-2025-52661: HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the r HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised.
nvd
CVE-2025-55249P4MEDIUMCVSS 5.3v22026-01-19
CVE-2025-55249 [MEDIUM] CWE-693 CVE-2025-55249: HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard s HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks.
nvd
CVE-2025-55250P4MEDIUMCVSS 5.3v22026-01-19
CVE-2025-55250 [MEDIUM] CWE-209 CVE-2025-55250: HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensit HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks.
nvd
Hcl Software Aion vulnerabilities | cvebase