HCL AION Cookie SameSite Vulnerability Allowing Cross-Site Request Forgery
Vulnerability
HCL AION version 2.0 sets cookies that do not properly implement the SameSite attribute. As a result, those cookies can be sent with cross-site requests, which increases the risk of cross-site request forgery (CSRF) attacks and similar security issues.
Impact
Exploitation of this vulnerability could make users more susceptible to cross-site request forgery attacks, in which an attacker performs actions on behalf of a user without their consent.
Remediation
Users can upgrade to HCL AION version 2.1.0, which addresses this vulnerability. For assistance with the upgrade, contact the HCL AION Product support team.
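One way to confirm the SameSite handling described above, before and after the upgrade, is to audit the Set-Cookie headers a deployment returns. The following is an added example, not HCL code; the cookie names and header values are constructed samples, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie header values for SameSite problems.
VALID_SAMESITE = {"strict", "lax", "none"}

def parse_set_cookie(header):
    """Split a Set-Cookie value into (cookie name, {lowercased attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit_cookie(header):
    """Return (cookie name, findings); an empty list means no SameSite issue."""
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite")
    findings = []
    if samesite is None:
        findings.append("SameSite missing: handling is left to the browser default")
    elif samesite.lower() not in VALID_SAMESITE:
        findings.append(f"SameSite value {samesite!r} is not Strict, Lax or None")
    elif samesite.lower() == "none":
        findings.append("SameSite=None: cookie is sent with cross-site requests")
        if "secure" not in attrs:
            findings.append("SameSite=None without Secure")
    return name, findings

def audit_all(headers):
    """Map each cookie name to its findings, keeping only cookies with issues."""
    results = dict(audit_cookie(h) for h in headers)
    return {name: f for name, f in results.items() if f}

# Constructed sample headers; the cookie names are hypothetical, not HCL AION's.
SAMPLE_HEADERS = [
    "session_a=abc123; Path=/; HttpOnly; Secure",
    "session_b=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "session_c=abc123; Path=/; SameSite=None",
    "session_d=abc123; Path=/; Secure; samesite=Loose",
]

if __name__ == "__main__":
    for cookie, issues in audit_all(SAMPLE_HEADERS).items():
        for issue in issues:
            print(f"{cookie}: {issue}")
```

Feed it the Set-Cookie values observed from your own instance; a cookie that carries session state should come back with no findings.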
