Description
HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions.
Published: 2026-05-14
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when HCL AION does not enforce encryption on certain data transmissions or internal operations. This weakness, classified as CWE‑319, means that sensitive data may be sent or processed in plaintext, allowing an attacker who can observe the traffic to intercept or copy the information. The potential impact is data exposure, which could compromise confidentiality and potentially enable further attacks.

Affected Systems

The affected product is HCL AION. Specific version information is not supplied in the advisory. Administrators should check the installation version and compare it with the vendor’s documentation for known regions of the vulnerability.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting currently no known widespread exploitation. However, if the system is exposed to a network where an attacker can eavesdrop on unencrypted traffic, the weakness can be exploited to capture data. Hence, the risk is contingent on the presence of unsecured communication paths and the sensitivity of the data involved.

Generated by OpenCVE AI on May 14, 2026 at 18:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify that all network communications from HCL AION use TLS/SSL or equivalent encryption, and enable it if it is not already active.
  • Apply any vendor‑released patch or newer HCL AION version that enforces encryption; if none exists, contact the vendor for an update schedule.
  • Deploy network monitoring or intrusion detection to detect unencrypted traffic from AION and alert on potential data exfiltration.
  • Configure firewall rules to block or restrict any unencrypted connections originating from the AION system on exposed ports.

Generated by OpenCVE AI on May 14, 2026 at 18:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 14 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 14 May 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Hcl
Hcl aion
Vendors & Products Hcl
Hcl aion

Thu, 14 May 2026 17:00:00 +0000

Type Values Removed Values Added
Description HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized access under specific conditions.
Title HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations
Weaknesses CWE-319
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Hcl Aion
cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-05-14T18:26:13.335Z

Reserved: 2025-10-10T09:04:16.878Z

Link: CVE-2025-62310

cve-icon Vulnrichment

Updated: 2026-05-14T18:26:09.190Z

cve-icon NVD

Status : Deferred

Published: 2026-05-14T17:16:18.190

Modified: 2026-05-14T17:22:46.577

Link: CVE-2025-62310

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T18:45:26Z

Weaknesses