Description
HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions
Published: 2026-05-14
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

HCL AION may transmit backend service details over HTTP, a non‑encrypted channel. This weakness could allow an attacker to intercept the data in transit, potentially gaining access to sensitive information that is meant to remain confidential. The description indicates the risk is limited to information disclosure and not to modification or denial of service.

Affected Systems

The affected product is HCL AION. No specific version range is listed, so all installations of the product may be vulnerable until a fix is applied by HCL.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate risk. No EPSS value is available, and the vulnerability is not listed in CISA KEV, suggesting that it is not actively exploited in the wild. The attack vector can be inferred to be local or remote, depending on whether the insecure HTTP channel is exposed to external networks or only internal traffic. The lack of a defined exploit path or high likelihood of exploitation, combined with the moderate severity, implies a measured but non‑zero risk of confidential data exposure.

Generated by OpenCVE AI on May 14, 2026 at 18:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest HCL AION update if a vendor patch is available
  • Disable all legacy HTTP endpoints and enforce HTTPS for all backend communications
  • Audit network traffic to verify that sensitive backend data is no longer transmitted in cleartext

Generated by OpenCVE AI on May 14, 2026 at 18:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 14 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 14 May 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Hcl
Hcl aion
Vendors & Products Hcl
Hcl aion

Thu, 14 May 2026 17:00:00 +0000

Type Values Removed Values Added
Description HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions
Title HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels.
Weaknesses CWE-319
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L'}

Subscriptions

Hcl Aion
cve-icon MITRE

Status: PUBLISHED

Assigner: HCL

Published:

Updated: 2026-05-14T18:28:34.294Z

Reserved: 2025-10-10T09:04:16.878Z

Link: CVE-2025-62311

cve-icon Vulnrichment

Updated: 2026-05-14T18:28:30.000Z

cve-icon NVD

Status : Deferred

Published: 2026-05-14T17:16:18.337

Modified: 2026-05-14T17:22:46.577

Link: CVE-2025-62311

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T18:30:26Z

Weaknesses