Primary

Context

HCL AION Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability allowing the exposure of sensitive information to unauthorized users has been identified in HCL AION version 2.0. This issue arises from the absence or improper implementation of the 'X-Content-Type-Options' header, which can lead to the disclosure of sensitive data such as credentials or system information.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information, including credentials and system details.

Remediation

This vulnerability has been addressed in HCL AION version 2.0.1. Customers using earlier versions should upgrade to 2.0.1. For assistance with the upgrade process, contact the HCL AION Product support team.

Added: Oct 10, 2025, 10:18 AM

Updated: Oct 10, 2025, 10:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HCL AION Sensitive Information Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating