HCL AION SQL Injection Vulnerability in Offering Configurations
Vulnerability
HCL AION version 2.0 contains a vulnerability that allows certain offering configurations to execute potentially harmful SQL queries. The issue arises from improper validation of, or restrictions on, query execution, and could lead to unintended database interactions or limited information exposure under specific conditions.
Impact
Exploitation of this vulnerability could result in unauthorized database access, manipulation of database contents, or exposure of sensitive information.
Remediation
Users can upgrade to HCL AION version 2.1.2, which addresses this vulnerability. For assistance with the upgrade process, contact the HCL AION support team.
