HCL AION Missing Secure Attribute in Encrypted Session Cookie Vulnerability

Vulnerability

A vulnerability exists in HCL AION version 2.0: encrypted session cookies are set without the Secure attribute, which can lead to unauthorized access. Without this attribute, the browser may transmit the cookies over insecure channels, potentially exposing sensitive information.

Impact

The vulnerability could result in session cookies being intercepted or accessed by unauthorized parties, leading to session hijacking or exposure of sensitive information.

Remediation

Users can upgrade to HCL AION version 2.0.1, which addresses this vulnerability. For assistance with the upgrade, contact the HCL AION Product support team.
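One way to check that cookies carry the Secure attribute after the upgrade is to audit the Set-Cookie response headers. This is an added example, not code from HCL or from the original advisory; the cookie names and values are constructed, and the function names are hypothetical.

```python
# Added example: flag Set-Cookie headers that lack the Secure attribute.
# Cookie names and values below are constructed, not taken from HCL AION.

def parse_set_cookie(header_value):
    """Return (cookie_name, {attribute_name_lowercased: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:  # skip the empty piece left by a trailing ';'
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookies(set_cookie_headers, required=("secure",)):
    """Return {cookie_name: [missing attributes]} for every failing cookie."""
    findings = {}
    for header_value in set_cookie_headers:
        name, attrs = parse_set_cookie(header_value)
        missing = [attr for attr in required if attr not in attrs]
        if missing:
            findings[name] = missing
    return findings


# Constructed sample headers, one Set-Cookie value per entry.
SAMPLE_HEADERS = [
    "EXAMPLE_SESSION=c2FtcGxl; Path=/; HttpOnly",
    # "Path=/secure" is not the Secure attribute; a substring search would miss this.
    "EXAMPLE_AUTH=c2FtcGxl; Path=/secure; HttpOnly",
    # Attribute names are case-insensitive.
    "EXAMPLE_OK=c2FtcGxl; path=/; secure; httponly",
    "EXAMPLE_PREF=1; Path=/; Secure;",
]

if __name__ == "__main__":
    for name, missing in audit_cookies(SAMPLE_HEADERS).items():
        print(f"{name}: missing {', '.join(missing)}")
```

Pass it the Set-Cookie values from responses captured from your own deployment, one header value per list entry.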

Added: Oct 10, 2025, 10:18 AM
Updated: Oct 10, 2025, 10:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 7.4
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.