Description
HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.
Published: 2026-03-16
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Loss of Traceability and Monitoring
Action: Assess Impact
AI Analysis

Impact

The vulnerability in HCL AION causes certain user actions to fail to be audited or logged. This lack of proper logging means that the system cannot reliably track which users performed which actions, reducing accountability and hindering post‑incident investigations. According to the vendor description, the weakness is related to CWEs that concern logging and monitoring failures.

Affected Systems

The affected product is HCL AION. No specific impacted versions are listed in the available data.

Risk and Exploitability

The CVSS score of 5.8 indicates a medium severity. The EPSS score is below 1%, suggesting a low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. While an attacker could use the missing logs to conceal malicious activity, the data does not indicate a direct exploitation path or elevated attack vector.

Generated by OpenCVE AI on March 18, 2026 at 21:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Review and configure audit settings in HCL AION to ensure all relevant user actions are logged.
  • Validate that the logging mechanisms are writing to a secure, tamper‑evident location.
  • Conduct an internal audit of the current logging configuration and check for gaps.
  • Consult the HCL support article (https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410) for vendor‑specific guidance.
  • Consider integrating HCL AION logs with an external SIEM or log management solution to enhance monitoring and incident response.

Generated by OpenCVE AI on March 18, 2026 at 21:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 18 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:*

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech aion
Vendors & Products Hcltech
Hcltech aion

Mon, 16 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-778
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Description HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.
Title HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged.
References
Metrics cvssV3_1

{'score': 5.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L'}

Subscriptions

Hcltech Aion
cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-16T18:27:08.587Z

Reserved: 2025-06-18T14:00:44.549Z

Link: CVE-2025-52644

cve-icon Vulnrichment

Updated: 2026-03-16T18:26:38.646Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T15:16:18.567

Modified: 2026-04-28T21:42:03.900

Link: CVE-2025-52644

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:44:25Z

Weaknesses