Description
HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions.
Published: 2026-03-16
Score: 1.8 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The vulnerability in HCL AION involves predictable identifiers that may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions. This weakness is classified as Information Exposure (CWE-200).

Affected Systems

The product affected is HCL AION. The CVE data does not provide specific version details or a list of affected release numbers.

Risk and Exploitability

The CVSS score of 1.8 indicates a low severity. An EPSS score of less than 1 percent suggests that exploitation of this vulnerability is unlikely to be widespread. It is not listed in the CISA KEV catalog. The description does not specify a particular attack vector, but it is inferred that an attacker would need to guess the predictable identifiers to cause any impact, which has a low likelihood of success.

Generated by OpenCVE AI on March 18, 2026 at 21:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security patch or update for HCL AION as provided by HCL support.
  • Review your configuration to ensure that system-generated identifiers are not exposed or left predictable.
  • Continuously monitor HCL support pages and security advisories for additional updates or mitigations.

Generated by OpenCVE AI on March 18, 2026 at 21:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 18 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:hcltech:aion:*:*:*:*:*:*:*:*

Tue, 17 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Hcltech
Hcltech aion
Vendors & Products Hcltech
Hcltech aion

Mon, 16 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Description HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions.
Title HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature
References
Metrics cvssV3_1

{'score': 1.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N'}

Subscriptions

Hcltech Aion
cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-03-17T14:03:14.368Z

Reserved: 2025-06-18T14:00:44.549Z

Link: CVE-2025-52649

cve-icon Vulnrichment

Updated: 2026-03-17T14:03:10.021Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T15:16:19.107

Modified: 2026-04-25T18:04:25.450

Link: CVE-2025-52649

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:44:23Z

Weaknesses