HCL AION JWT Token Expiry Too Long Vulnerability

Vulnerability

A vulnerability exists in HCL AION version 2 due to JWT tokens having an excessively long expiry time. This could lead to token misuse, allowing unauthorized access if the token is compromised.

Impact

Excessively long token expiry times extend the period during which a stolen token remains valid, which could increase the risk of unauthorized access following token theft.

Added: Jan 19, 2026, 6:35 PM
Updated: Jan 19, 2026, 6:35 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 4.7
remediation: 0.0
relevance: 2.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.