Description
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.
Published: 2026-03-16
Score: 2.2 Low
EPSS: < 1% Very Low
KEV: No
Impact: Potential SQL query execution with limited information disclosure
Action: Patch
AI Analysis

Impact

HCL AION is vulnerable because certain offering configurations may allow the execution of potentially harmful SQL queries. The weakness stems from improper validation or lack of restrictions on query execution, enabling unintended database interactions that could result in limited data exposure. The vulnerability is a classic SQL injection scenario (CWE‑89).

Affected Systems

The affected software is HCL AION. No specific version information is provided in the CNA records; the issue applies to the product as a whole.

Risk and Exploitability

The CVSS score is 2.2, indicating low severity, and the EPSS score is below 1%, showing low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is through a configuration that accepts offering parameters, but the exact vector is not specified in the vendor data.

Generated by OpenCVE AI on March 18, 2026 at 21:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Consult the HCL support article KB0129410 (https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129410) for vendor guidance on patching or securing offering configurations.
  • Apply any vendor-released patch or configuration update that validates inputs and restricts arbitrary SQL execution as recommended in the support article.
  • If an immediate patch is unavailable, disable or restrict the offering configuration functionality that can trigger harmful SQL queries and review database permissions to limit potential impact.

Generated by OpenCVE AI on March 18, 2026 at 21:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 18 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:*

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech aion
Vendors & Products Hcltech
Hcltech aion

Mon, 16 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Description HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions.
Title HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries.
References
Metrics cvssV3_1

{'score': 2.2, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N'}

Subscriptions

Hcltech Aion
cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-16T20:13:31.637Z

Reserved: 2025-06-18T14:00:44.549Z

Link: CVE-2025-52646

cve-icon Vulnrichment

Updated: 2026-03-16T20:13:28.910Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T15:16:18.837

Modified: 2026-04-28T21:42:13.587

Link: CVE-2025-52646

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:44:21Z

Weaknesses